General
Target: rw.dll
Size: 356KB
Sample: 211025-fl5s8afeg7
MD5: a4893ca94d909ae8a152a8afc1a66523
SHA1: cfe5b8b1dba12c328994b2977ef6d82138c406dc
SHA256: 54f3ad16acb12eb0c69afc3dee0c9354a8a1477e590ce223ebe2845de8470d37
SHA512: d5b97a444336a8fb2b136c8215e88ce032accce9704c9a7e7006a94c2b967dc032714ac109a0732ca9bd68454c58772bf79f244ecbe6f0952837745951d24540
Static task: static1
Behavioral task: behavioral1
Sample: rw.dll
Resource: win7-en-20210920
Behavioral task: behavioral2
Sample: rw.dll
Resource: win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Target: rw.dll
Score: 10/10
Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)