General
Target: JAFTEXx86.dll
Size: 190KB
Sample: 211111-zt2ajshccp
MD5: 24819ec6a4f57ac3d84538d1b2f422cd
SHA1: 2c1ca712d5c1f0920d13208796975afc01ce6b81
SHA256: e043dea504d025f18f406d9649b64498338f3330ab9cf30e4efe9c0c2c0231df
SHA512: b8720879eff6529a80bc86d6f763561e214c2e4bcd5aacd028d316ef6254c1e584c42afd05d9b7139f21a0ad1c3528dc189898ae37735686ad564ba4ae825214
Static task: static1
Behavioral task: behavioral1
Sample: JAFTEXx86.dll
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: JAFTEXx86.dll
Resource: win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: JAFTEXx86.dll
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)