General

  • Target: 1ee0bbfe78f6da5eea5e4aad6992cfcfe3aa824584c04aa3fba5a0d9c605b997

  • Size: 179KB

  • Sample: 220215-ynx59saggj

  • MD5: e4dd4afa81fb9a0725f2b20e25a32feb

  • SHA1: a6cada7d8800aeee2dfb45e2853be90a3a99cfb9

  • SHA256: 1ee0bbfe78f6da5eea5e4aad6992cfcfe3aa824584c04aa3fba5a0d9c605b997

  • SHA512: fac4fc91dc66f31aaccb9a1ec6ace77558b9c5806a9c28947294a73ad8c4501d6680d65c6fec461eae3502881a973e172b45fd472242baa8c873c447a34fb536

Score
10/10

Targets

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
