General
-
Target
1442db21423296acfbd729481cc5f3edb80591383a009f9feeb0ef2675cfc487
-
Size
194KB
-
Sample
211116-gch4jahebm
-
MD5
a35a0ad3e3600c94e00f52dfb0d28103
-
SHA1
8c2af54642a32926dee8a2520d3d979d5f30ee27
-
SHA256
1442db21423296acfbd729481cc5f3edb80591383a009f9feeb0ef2675cfc487
-
SHA512
4db5829a04fcfa7eed2b4159cd47336f2735826a950d4600e779cb9914964c5db54068498676e3820f2889a74c04660ae085d7e9d5efa773f70db9bef427bc3b
Static task
static1
Behavioral task
behavioral1
Sample
1442db21423296acfbd729481cc5f3edb80591383a009f9feeb0ef2675cfc487.exe
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
1442db21423296acfbd729481cc5f3edb80591383a009f9feeb0ef2675cfc487.exe
Resource
win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
Target
1442db21423296acfbd729481cc5f3edb80591383a009f9feeb0ef2675cfc487
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-