General

Target: x64.zip
Size: 93KB
Sample: 220225-qxpaqagcd3
MD5: aa4b5f6ca72888c44e66765398606707
SHA1: 632462b5969b79d43fd362f55b8f792148a8f51b
SHA256: e298d3e4ea2610e43eedcdc3171998943d645c187779f431424b7c0b39650d05
SHA512: cd36963e9fc252972514e2bc8e2de410f12aa710abdcc6b97dfecfb2e3afa759d6c1cd8584705c985581cedaf85400121b1d8948b0ae58c43593be555b07e598

Static task: static1

Behavioral task: behavioral1
Sample: x64.dll
Resource: win7-20220223-en

Behavioral task: behavioral2
Sample: x64.dll
Resource: win10v2004-en-20220112

Malware Config
Extracted
C:\readme.txt
conti
http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/H41hybMsOg3lWAh49kvUfF75bvw1cHvsUDtTIE4VPHSkaS50OApsHlq7b9ytRKzc

Targets

Target: x64.dll
Size: 217KB
MD5: ac6748ce106d8a640fd9b0767b5b54d5
SHA1: a73a4cbd118e9b88a3ce69bff6a35848a0c41def
SHA256: ae709940f51d9479a2006a194ca3938e938ab49b79675ff2679ec18f999f7c59
SHA512: 209e51bbe70965e9b50d027454d478fbd36344929edf69077cffc573485764d06ead40cf46a3ad06cf5c71d2303d6c69e3c98df5850c233a42f03e7b232a6901
Score: 10/10

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.

Drops startup file

Drops desktop.ini file(s)