General
Target: 8907548328b9bc8e04d0949e4a0e3bb9b749b45a32d9d95cbb9d6b27154d4310
Size: 197KB
Sample: 211011-yf7pqshhhq
MD5: edf9d4b9b6a244e13df21ca99a265de1
SHA1: ead78959e5f6466db23aa712535586ae216a107a
SHA256: 8907548328b9bc8e04d0949e4a0e3bb9b749b45a32d9d95cbb9d6b27154d4310
SHA512: f16a7beaaab07971b7e3d40698188386c645601d8fcb289782633cf8e6b549a26528143b3a79b0defb9306e75a0faec67ca33775c679dda0190ed66ac22b138e
Static task: static1
Behavioral task: behavioral1
Sample: 8907548328b9bc8e04d0949e4a0e3bb9b749b45a32d9d95cbb9d6b27154d4310.dll
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 8907548328b9bc8e04d0949e4a0e3bb9b749b45a32d9d95cbb9d6b27154d4310.dll
Resource: win10v20210408
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Target: 8907548328b9bc8e04d0949e4a0e3bb9b749b45a32d9d95cbb9d6b27154d4310
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)