General

  • Target

    conti.exe

  • Size

    101KB

  • Sample

    220221-sxh5taaeh5

  • MD5

    9eb9197cd58f4417a27621c4e1b25a71

  • SHA1

    b374eb643b20e47cd9c45811c09e4e73b5871506

  • SHA256

    004ede55a972e10d9a21bcf338b4907d6eed65bf5ad6abbbd5aec7d8484bdedf

  • SHA512

    d2eb60aa05487c879445669112b85f4870d04b48da6e4e7991ef72982dcd37bf44ac99c76423054f57e1703d4d9172ba0a8f129fc73ebdd15e4e7557a0ffec32

Score
10/10

Malware Config

Targets

    • Target

      conti.exe

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks