General
-
Target
cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00.bin
-
Size
212KB
-
Sample
220225-2z4nzaafbq
-
MD5
fc589ff7ae38588841848235df247445
-
SHA1
4313e5d451d60d66f6de4add392c1b9ff820f2f0
-
SHA256
cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00
-
SHA512
6cd3f3a1a32e54662b5e5493507cb52cf82ac2699872ff5f08ea910232c6db6e6d9d4135aa7f734293a2f167a80f5862d24f58fecc99edc06f7fef3c952b7018
Static task
static1
Behavioral task
behavioral1
Sample
cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00.dll
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00.dll
Resource
win10v2004-en-20220112
Malware Config
Extracted
C:\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.top/
Targets
Target
cf487bd54e487585cd052e982fd765cbc0d8d164cc21b8635e55475182dadf00.bin
-
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-