General
-
Target
949ee1522f6b132960d02bdd0681e28b0635a266d5ec7dcaa6838806beb927be
-
Size
170KB
-
Sample
211216-r93vbaccg4
-
MD5
4013532b5d10c140fd84a12e4b1d2229
-
SHA1
e982160e4872792a9fe4cc641f22ff8d1795b85f
-
SHA256
949ee1522f6b132960d02bdd0681e28b0635a266d5ec7dcaa6838806beb927be
-
SHA512
da185cc4ac72ac12992a888e3e4b796ef2f49331b0c3a1023dd8bdc2da3cffd76b6bf0fbd929371c07141207afd5dcbf152a162b448a69bb66f7e8f950a32b62
Static task
static1
Behavioral task
behavioral1
Sample
949ee1522f6b132960d02bdd0681e28b0635a266d5ec7dcaa6838806beb927be.exe
Resource
win10-en-20211208
Malware Config
Extracted
C:\readme.txt
conti
http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/FGOqzlBY9Fj38NAF5jRhibjugpxT3whRFudQH8oM3nPHOnyk3mlXksTO1wbwvbRc
Targets
-
Target
949ee1522f6b132960d02bdd0681e28b0635a266d5ec7dcaa6838806beb927be
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-