General

  • Target

    81792fcbaad868d2e4aca1ed372f4a5abb34372d3265d5712a65cdfe05e42df8

  • Size

    101KB

  • Sample

    220215-ymmcdaagep

  • MD5

    2d018bbe6d2b738944a4fb92d63bb3f9

  • SHA1

    1a244bb0c42926ec181fe4d7e9515011168ca025

  • SHA256

    81792fcbaad868d2e4aca1ed372f4a5abb34372d3265d5712a65cdfe05e42df8

  • SHA512

    a097e5ea19eb2edbb40546ec9bdf4ea100a7bf8de9a8b2e0d223e9333461ad0e295f362a2f0cf2ad076f9abffaa9f72c42dcb48d7fae724dee8907fae49f07e9

Score
10/10

Malware Config

Targets

    • Target

      81792fcbaad868d2e4aca1ed372f4a5abb34372d3265d5712a65cdfe05e42df8

    • Size

      101KB

    • MD5

      2d018bbe6d2b738944a4fb92d63bb3f9

    • SHA1

      1a244bb0c42926ec181fe4d7e9515011168ca025

    • SHA256

      81792fcbaad868d2e4aca1ed372f4a5abb34372d3265d5712a65cdfe05e42df8

    • SHA512

      a097e5ea19eb2edbb40546ec9bdf4ea100a7bf8de9a8b2e0d223e9333461ad0e295f362a2f0cf2ad076f9abffaa9f72c42dcb48d7fae724dee8907fae49f07e9

    Score
    10/10
    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks