General
Target
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3
Size
189KB
Sample
220215-ymrxvsheh3
MD5
811c6de9ce787c8d540a09795a5673c1
SHA1
604eb2e2d9573143730210fd57bda01c59447080
SHA256
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3
SHA512
9a319f7073566269656e2fe98edd712718976fdcc614a8b583199b0036d0511e37fcecec1cfe3f0c6db87b61f69d1d389e37b70f24e0fe658f3ea122e2c43c1a
Static task
static1
Behavioral task
behavioral1
Sample
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\readme.txt
conti
http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion
https://contirecovery.best
Targets
Target
73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3
Score
10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops desktop.ini file(s)