General
Target
3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample
Size
185KB
Sample
210928-y2vbjadafr
MD5
1ac77c173fba7dd1475e84c50be35767
SHA1
3fd475ff9035742ff45d8a85c05e0c3fca453326
SHA256
3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c
SHA512
e02ad3865e5790c17636f661f2a2aaab2ce5dd3efb78cb3402604fbd8cd058714fdba6dd78071c2710e99d2944f6607cba3545d0ca252fbdda4878d0a017f90f
Static task
static1
Behavioral task
behavioral1
Sample
3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample.exe
Resource
win7-en-20210920
Behavioral task
behavioral2
Sample
3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\R3ADM3.txt
conti
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
https://contirecovery.info
Targets
Target
3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)