General
Target
b2365e9dbed11615908276e371bb40400eea0563752527ef91aeb8105de1d16f
Size
984KB
Sample
211105-y6yvhscgc9
MD5
d5830d258e4aa138b21a0841d85f4e2a
SHA1
d82f858eaac39c4ce5f20cf6db8414de7147b4e3
SHA256
b2365e9dbed11615908276e371bb40400eea0563752527ef91aeb8105de1d16f
SHA512
9cb37cc4e8292a189c390f6b0df912a24870e762f79a23c94a005c62e7b518f637b0de697a306b3543cda294b5ce9e45324edca3fc6f8c8b496d659dcb4a6e19
Static task
static1
Behavioral task
behavioral1
Sample
b2365e9dbed11615908276e371bb40400eea0563752527ef91aeb8105de1d16f.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
b2365e9dbed11615908276e371bb40400eea0563752527ef91aeb8105de1d16f.exe
Resource
win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target
b2365e9dbed11615908276e371bb40400eea0563752527ef91aeb8105de1d16f
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file