General
Target: 863d82a4eb70e21ae6284b2aa4682733802de0a0675eec6253b69447a8c7383f
Size: 371KB
Sample: 211124-mlpwbscdeq
MD5: fdc42c395d6982af8b045581fcb0a6df
SHA1: bebee875a7cb6d577dd382f50f9414f3dacc3db1
SHA256: 863d82a4eb70e21ae6284b2aa4682733802de0a0675eec6253b69447a8c7383f
SHA512: 13dd40c0a7eb84c33d529bca4c1e8a3ea3124fd520508f465eb41a3b284a7eb00ca841fbe1899b0447da0d29f72fceb3cdade18dd636f7e3b8e493b00d4973d5
Static task: static1
Behavioral task: behavioral1
Sample: 863d82a4eb70e21ae6284b2aa4682733802de0a0675eec6253b69447a8c7383f.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: 863d82a4eb70e21ae6284b2aa4682733802de0a0675eec6253b69447a8c7383f.exe
Resource: win10-en-20211014
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: 863d82a4eb70e21ae6284b2aa4682733802de0a0675eec6253b69447a8c7383f
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file