General
Target: 64-dll.zip
Size: 315KB
Sample: 211116-p19kdsaghk
MD5: 80562c8190081d77ba23bf496398f007
SHA1: 44f9cc5c9fb07316c8b2059d2e31d197dbb58ad7
SHA256: 225572a8f131f5c3ef8f354b60de12c6a3788d37cd88cdaa59fd0e22881ba0a9
SHA512: 602b05ba235be606f48f13274a3a7050c96044d36255f8bc1e95297b64b15ef5a4f4024bcb30019f50ff17dd4d9275b190ab98c869181c4309e026cf0e90f393
Static task: static1
Behavioral task: behavioral1
Sample: d9e22fee4d6961d7917429968891637e0c05e8c55e0c907c1cfa3a59482c687f.dll
Resource: win7-en-20211014
Behavioral task: behavioral2
Sample: d9e22fee4d6961d7917429968891637e0c05e8c55e0c907c1cfa3a59482c687f.dll
Resource: win10-en-20211104
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: d9e22fee4d6961d7917429968891637e0c05e8c55e0c907c1cfa3a59482c687f
Size: 538KB
MD5: b45bc7def43bf26c5b2a3f60c9de2406
SHA1: b2994cb2feb5bddb363103805a7296104e0383ef
SHA256: d9e22fee4d6961d7917429968891637e0c05e8c55e0c907c1cfa3a59482c687f
SHA512: 9fec6d42441f05871da3e9d520635c38e50c82e5c70405a598c521aa273336183a46a239db881346f6aada89408b91e655cd49d25e717d871312b4c01c7d315b
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)