conti | 6f0c6f447a18ad9fd81382b062d16d07eede05a15ab75870c0fdb43d421bb42d | Triage

Sharing

General

Target

6f0c6f447a18ad9fd81382b062d16d07eede05a15ab75870c0fdb43d421bb42d
Size

101KB
Sample

220306-c24z3shgh2
MD5

574636474eb06b3e45dfec2fc1f8830f
SHA1

363144ea42fbe675090903f743184b151a4df47d
SHA256

6f0c6f447a18ad9fd81382b062d16d07eede05a15ab75870c0fdb43d421bb42d
SHA512

c6fe575ab33571b8e378f47e2bb132432dc39e326fcc0b5d2c28cf14759e5b88ffeef61e18fba1dfad083bffa6c3f7430af7956b754842bb32c4577e99ab5808

Score

10^/10

conti ransomware

Malware Config

Targets

- Target
  
  6f0c6f447a18ad9fd81382b062d16d07eede05a15ab75870c0fdb43d421bb42d
- Size
  
  101KB
- MD5
  
  574636474eb06b3e45dfec2fc1f8830f
- SHA1
  
  363144ea42fbe675090903f743184b151a4df47d
- SHA256
  
  6f0c6f447a18ad9fd81382b062d16d07eede05a15ab75870c0fdb43d421bb42d
- SHA512
  
  c6fe575ab33571b8e378f47e2bb132432dc39e326fcc0b5d2c28cf14759e5b88ffeef61e18fba1dfad083bffa6c3f7430af7956b754842bb32c4577e99ab5808
Score

10^/10

conti ransomware
- Conti Ransomware
  Ransomware generally thought to be a successor to Ryuk.
  ransomware conti
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

contiransomware

behavioral2

contiransomware