General
Target: x64.dll
Size: 230KB
Sample: 211118-lrhhrsccdl
MD5: 81b3b6eb0ffb0d14494b17c833281676
SHA1: a6669ac884c1fb52769bd6dd5f961fec4daa2fe1
SHA256: e422aa32b5f26a15aedba1bf597a163cd99c4c7777608bf05c8be3b404d825a1
SHA512: cc20b2411eb2e44ab8e001cb49bd98d9ad0fc581ce56c9aff866ed87db2b2e4574ada835d4666991324d052e6f75affdaa8ab6e1dba646f81da8143bbc9daa15
Static task: static1
Behavioral task: behavioral1
Sample: x64.dll
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: x64.dll
Resource: win10-en-20211104
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: x64.dll
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)