Extracted

• • Target

    370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde

  • Size

    644KB

  • MD5

    76863eb690c9385a6fb13503a60f0b7f

  • SHA1

    09af8728202201928db0fbe7c0364e6070fa26f3

  • SHA256

    370b510335cc2f8bfabb348a2a4dc5293fecf8f17af76f52847dc260cdd83fde

  • SHA512

    6f06bf8ef2b0d300090d4ecff807453699c3af9f85f8ac6ad7489877a72e693e59e73cbbf81a6a2f185dccba8b5b3790ec57b04e23e9a0a46ab206868e244d18

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Executes dropped EXE

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2