General
-
Target
2d33ac8fce0592ef88bdeeee00e840c41a5a8fccc85c67316b74cc06c13ba0c5.7z
-
Size
71KB
-
Sample
220302-s41cnshahj
-
MD5
251be37d147c228ca6f01be91cc0262e
-
SHA1
600a5cbe652fc7f4e75e25bce0c22102c75bb3b1
-
SHA256
98a555d995283d1467b0f425e51688d8220cbee7202ef2a3c707baea874afd03
-
SHA512
11f1f6b176b05702ee873eaf724a4fda5f0ea7e0258530dcfaaed22b607c4764455307c94081b84cbe990d300e720b19fecb459dd0e155b93d92b48fc0deaf78
Static task
static1
Behavioral task
behavioral1
Sample
2d33ac8fce0592ef88bdeeee00e840c41a5a8fccc85c67316b74cc06c13ba0c5.dll
Resource
win7-20220223-en
Behavioral task
behavioral2
Sample
2d33ac8fce0592ef88bdeeee00e840c41a5a8fccc85c67316b74cc06c13ba0c5.dll
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\readme.txt
conti
http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/mdD5g9xlQVi7XsUVCNFnTrWhFh34BEttZD6hjWLAos8kAmDTh3rbwb8OjIhZXSSu
Targets
-
-
Target
2d33ac8fce0592ef88bdeeee00e840c41a5a8fccc85c67316b74cc06c13ba0c5.exe
-
Size
217KB
-
MD5
72acae41645beae9afeef212b9e56be9
-
SHA1
2fd36e604ef5f11ded128c6edcbb4c1ee5f7a91f
-
SHA256
2d33ac8fce0592ef88bdeeee00e840c41a5a8fccc85c67316b74cc06c13ba0c5
-
SHA512
2b675fb73f7f1f23f586db483afce811eeb28c706805cd782bf8b3fda1f03846cea899d07cab0586b5f52536a9172461b733390df50db379c0529ae6dc1caee0
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops startup file
-
Drops desktop.ini file(s)
-