General
Target
34366c9a9ac34dd9016abd406cffe713a3e8606e8600e6cb07e0242904f91a5b
Size
194KB
Sample
211119-z8klcaefc3
MD5
4220529bbf818e00cdec2ebbf4b24565
SHA1
2c0d7929b304a3cf633e432dd9b580f2c3fb5a0b
SHA256
34366c9a9ac34dd9016abd406cffe713a3e8606e8600e6cb07e0242904f91a5b
SHA512
6fa9cb66438d99bfe41b45b690db65a455050bae4ce2386aa44d451891d5beeb24e7df28c67ea863aa944ed734aa668e40909868bbf28f261f8b289e2428ce73
Static task
static1
Behavioral task
behavioral1
Sample
34366c9a9ac34dd9016abd406cffe713a3e8606e8600e6cb07e0242904f91a5b.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
34366c9a9ac34dd9016abd406cffe713a3e8606e8600e6cb07e0242904f91a5b.exe
Resource
win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file