conti | 62e70efef5075232feada6857c97b388ec98e1bb175c501c429117f550a1ad66 | Triage

Sharing

General

Target

62e70efef5075232feada6857c97b388ec98e1bb175c501c429117f550a1ad66
Size

101KB
Sample

220215-ym4xesagfl
MD5

bca7db3c226cbe53066d793b453ab997
SHA1

c149323dc47646754a97c3c7c3b1a5c0f28667ba
SHA256

62e70efef5075232feada6857c97b388ec98e1bb175c501c429117f550a1ad66
SHA512

660252dd432df11fdcbe20e9b9d8ee459819506e147933099eea497de8cbe2ae1dd2e76300228a77a114a9a4ff27b40ecf6422108945c4feaf7e09a9f788f913

Score

10^/10

conti ransomware

Malware Config

Targets

- Target
  
  62e70efef5075232feada6857c97b388ec98e1bb175c501c429117f550a1ad66
- Size
  
  101KB
- MD5
  
  bca7db3c226cbe53066d793b453ab997
- SHA1
  
  c149323dc47646754a97c3c7c3b1a5c0f28667ba
- SHA256
  
  62e70efef5075232feada6857c97b388ec98e1bb175c501c429117f550a1ad66
- SHA512
  
  660252dd432df11fdcbe20e9b9d8ee459819506e147933099eea497de8cbe2ae1dd2e76300228a77a114a9a4ff27b40ecf6422108945c4feaf7e09a9f788f913
Score

10^/10

conti ransomware
- Conti Ransomware
  Ransomware generally thought to be a successor to Ryuk.
  ransomware conti
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

contiransomware

behavioral2

contiransomware