General
Target: a05c8129e607c6d0976d79f69c6a020d15767a9ef3a9c9f1570c5193a7b5b76b.dll
Size: 190KB
Sample: 211217-mlcwrsdeb9
MD5: ee328adf516df520ebe7dc79bd9d027e
SHA1: 75e3e543001895354dc556b413cb3a4a440bb3ad
SHA256: a05c8129e607c6d0976d79f69c6a020d15767a9ef3a9c9f1570c5193a7b5b76b
SHA512: e02b5eb0c5337437a7c0d19bde9ed8f08e4be5c85e529d217c5e9a214809914a1a4b82deee181f57eb0fb7389819273b822298a8e2bd56400b8d15b29210235e
Static task: static1
Behavioral task: behavioral1
Sample: a05c8129e607c6d0976d79f69c6a020d15767a9ef3a9c9f1570c5193a7b5b76b.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: a05c8129e607c6d0976d79f69c6a020d15767a9ef3a9c9f1570c5193a7b5b76b.dll
Resource: win10-en-20211208
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
Target: a05c8129e607c6d0976d79f69c6a020d15767a9ef3a9c9f1570c5193a7b5b76b.dll
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Drops desktop.ini file(s)