General
Target: 4b2358bac7fac727d1587365e2d91660b1ed44d1be95c6ff8c61e2cb9e747f19.bin.sample
Size: 230KB
Sample: 210929-yat7fsfggk
MD5: ae1397fc1412a7d64c649dd6d9903bf7
SHA1: d729ace39e2bf9010b0af00309a9cf6f471c6685
SHA256: 4b2358bac7fac727d1587365e2d91660b1ed44d1be95c6ff8c61e2cb9e747f19
SHA512: 44c6b48c91fe5e0c58e587ded40f1bd1820a04b2a8e6b4ce9e3a2dd443d2fd96713c14e84d3b8bdc79a54a655e83d2e1aaa229fed8f5c58c4d879708236fcb96
Static task: static1
Behavioral task: behavioral1
Sample: 4b2358bac7fac727d1587365e2d91660b1ed44d1be95c6ff8c61e2cb9e747f19.bin.sample.dll
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: 4b2358bac7fac727d1587365e2d91660b1ed44d1be95c6ff8c61e2cb9e747f19.bin.sample.dll
Resource: win10-en-20210920
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)