General
Target: 5145222641254400.zip
Size: 565KB
Sample: 211111-hs3zbaahd3
MD5: c6ab1be5e0a615b77d779ee231877d33
SHA1: 94c4e2cbd8370a37a4e1a2ceedb0b1fbc52b477c
SHA256: 495115de3059c77205e1f4d4acd2588834caa94873bd0465c385e96655751f99
SHA512: 1269d094cc07269edccad663f79c08401d39cdb926643783a3cd70f94bb41a5fd09dc572426b4c96ad596913f7576c9b3a697105d8fa44729764023b7995597c
Static task: static1
Behavioral task: behavioral1
Sample: 37410f45bab40e0d5e8e2160b480d928c975fadbe423be884678b924d66871d2.dll
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: 37410f45bab40e0d5e8e2160b480d928c975fadbe423be884678b924d66871d2.dll
Resource: win10-en-20211104
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: 37410f45bab40e0d5e8e2160b480d928c975fadbe423be884678b924d66871d2
Size: 901KB
MD5: 8371d1c15af2ffa8111deef437997d79
SHA1: d4b427988b2876546c2e00329ac1b9ba3905c9b8
SHA256: 37410f45bab40e0d5e8e2160b480d928c975fadbe423be884678b924d66871d2
SHA512: d09c4b72f2f9219d12cb2735a835382b1fb5c4e0f8487a5b025494a7576780c893e48f713b5986d93328fe92642ca47794d1fca95cf65c1cb1835daab17db23a
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)