General
Target: 1fa52ca9e2fbb3b80e63b6cbfc776bf1c14d434afe50167a4b11ffdbe1987b79.bin.sample
Size: 170KB
Sample: 211215-nga22shdd3
MD5: 2dde0778ba34248e2a643a44f4f2b49f
SHA1: 5562b30ca3143a31491595d71d6082c404e7a6c6
SHA256: 1fa52ca9e2fbb3b80e63b6cbfc776bf1c14d434afe50167a4b11ffdbe1987b79
SHA512: a58a3e300b41a90c199bd73bd2f538f0b94f073f86ae3214109caabcfd4f739dd9454c0b538847b07c955b048740a2737fae6b1f3988880ea3025adb53e51089
Static task: static1
Behavioral task: behavioral1
Sample: 1fa52ca9e2fbb3b80e63b6cbfc776bf1c14d434afe50167a4b11ffdbe1987b79.bin.sample.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 1fa52ca9e2fbb3b80e63b6cbfc776bf1c14d434afe50167a4b11ffdbe1987b79.bin.sample.exe
Resource: win10-en-20211208
Malware Config
Extracted
C:\readme.txt
conti
http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/CRYw7aW6XKQVmbX2DmsLsHyLJJifiT4XLWmSv3Eo5V4pwDkcy6JhL2Y6T2pWXY5g
Targets
Target
1fa52ca9e2fbb3b80e63b6cbfc776bf1c14d434afe50167a4b11ffdbe1987b79.bin.sample
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)