General
Target: ebeca2df24a55c629cf0ce0d4b703ed632819d8ac101b1b930ec666760036124
Size: 185KB
Sample: 211214-rsljpsfhb9
MD5: 7076f9674bc42536d1e0e2ca80d1e4f6
SHA1: 854485ee63e5a399fffe150f04cd038d6a5490ef
SHA256: ebeca2df24a55c629cf0ce0d4b703ed632819d8ac101b1b930ec666760036124
SHA512: 71c507108cc0c8b5609076672bd0b64a42c015995fe7220aa97e273c1754e63271edb06b284f4fc01b71a4751c1bcac0f572339e94ff0fd538dc0250caa9181a
Static task: static1
Behavioral task: behavioral1
Sample: ebeca2df24a55c629cf0ce0d4b703ed632819d8ac101b1b930ec666760036124.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: ebeca2df24a55c629cf0ce0d4b703ed632819d8ac101b1b930ec666760036124.exe
Resource: win10-en-20211208
Malware Config
Extracted
C:\R3ADM3.txt
conti
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
https://contirecovery.info
Targets
Target: ebeca2df24a55c629cf0ce0d4b703ed632819d8ac101b1b930ec666760036124
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)