Overview

overview

10

Static

static

3bf9bfc641...d7.exe

windows7_x64

10

3bf9bfc641...d7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3bf9bfc641b84b13081fd4f823c745dd8714de54c47a52e8006942b26f6c98d7

  • Size

    101KB

  • Sample

    220327-mv739sgfc9

  • MD5

    a4c0be7c9444ec4710e41f50e787f121

  • SHA1

    eaa38c7274ffb7bc4e8c3df41bc0995688c6f508

  • SHA256

    3bf9bfc641b84b13081fd4f823c745dd8714de54c47a52e8006942b26f6c98d7

  • SHA512

    64e7dee357e457d7fab3240845176cf2a69a1742be4b360a98508d6dc5006a5cfc62aad3e8fd61ab0885d7e9d1445f7e20dc36dbdec3a3ca1e22d4d156498005

Score
10/10
contiransomware

Malware Config

Targets

    • Target

      3bf9bfc641b84b13081fd4f823c745dd8714de54c47a52e8006942b26f6c98d7

    • Size

      101KB

    • MD5

      a4c0be7c9444ec4710e41f50e787f121

    • SHA1

      eaa38c7274ffb7bc4e8c3df41bc0995688c6f508

    • SHA256

      3bf9bfc641b84b13081fd4f823c745dd8714de54c47a52e8006942b26f6c98d7

    • SHA512

      64e7dee357e457d7fab3240845176cf2a69a1742be4b360a98508d6dc5006a5cfc62aad3e8fd61ab0885d7e9d1445f7e20dc36dbdec3a3ca1e22d4d156498005

    Score
    10/10
    contiransomware

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks