General
-
Target
bc413e02defccc55f1c9925e9cf4fde4a714db1e06c6e021ddbd4b15cf2613d7
-
Size
215KB
-
Sample
210929-g1vr8sdgc4
-
MD5
e099a53fdcef7bdfb58b3a7b4f42e4d2
-
SHA1
1b3611aae8621f1d135950841d6a6a8edab7ea4f
-
SHA256
bc413e02defccc55f1c9925e9cf4fde4a714db1e06c6e021ddbd4b15cf2613d7
-
SHA512
b1be1a23b74f4f5cb4eaf08e040d5113856d8c4d739decf3f1682fc1fe6db9424e52870232dddf8a2e2f5c4f4829e6d0dd6d15a4201f02eebf81e5249d340de2
Static task
static1
Behavioral task
behavioral1
Sample
bc413e02defccc55f1c9925e9cf4fde4a714db1e06c6e021ddbd4b15cf2613d7.dll
Resource
win7v20210408
Behavioral task
behavioral2
Sample
bc413e02defccc55f1c9925e9cf4fde4a714db1e06c6e021ddbd4b15cf2613d7.dll
Resource
win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.top/
Targets
-
Target
bc413e02defccc55f1c9925e9cf4fde4a714db1e06c6e021ddbd4b15cf2613d7
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-