General
Target
fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.bin.sample
Size
194KB
Sample
210928-lvx3mabfcl
MD5
aceec8b8d93705b4983d3cf9cda3f805
SHA1
946d3f00ea84cc3cdb4222cdc811e3eaca82ace8
SHA256
fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86
SHA512
0a79d75d0d832bcac027f4d03ecf3e77ccfbf53af269bff09b4887f8a4b01624e5dbdc454b315159cea8923035ed14c165ed7458e75835176cc2860185eea648
Static task
static1
Behavioral task
behavioral1
Sample
fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.bin.sample.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.bin.sample.exe
Resource
win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Target
fe6e84192da5c0210d4bd51e809792b28e60edb337917f903a7e9a31bc40cf86.bin.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file