General

  • Target: 05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a.zip
  • Size: 32KB
  • Sample: 221129-hkprqaef79
  • MD5: a81b1a031f9fc4f822ab314713c15ed4
  • SHA1: fb89083401d3bb0aed1379a3dd54ac33a0976fb7
  • SHA256: 641b1d30fa27dfc9fd79f93d90c937badeb151fbd1c37ad557aaa42ea298df35
  • SHA512: 7734f48a2bf479348fb79a71bad1eba4651db75d2b246bb1c091ada72cc305fde6fefd3579a3f74f4378eda862cfa8ea79d3b6f3f55df1ba55edee9b83c5584e
  • SSDEEP: 768:18THg0K9bQ5XKHSOtZfprCYKbqACB4lDg/+wLbWnYt0d:4QuX8SoZRj/+eW20d

Score: 10/10

Malware Config

Targets

    • Target: 05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a.exe
    • Size: 36KB
    • MD5: ce3b141aa84f121127b37adecc908db8
    • SHA1: c761ca6f202558b752efa76058264f01065d8171
    • SHA256: 05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a
    • SHA512: fe088ffc5e7962081fce6d28ac49b3b4821b71532f8b98550b942b13f10da96899f6a3e9dd7d84156842c85310da17564fdb983436e2549239d55db0c01f0aef
    • SSDEEP: 768:V1KYiUlrhAJAfv123WP5HBVz6C0R64rmEq25FANwepk4E:V1vikrhAJAHsmBhp6/R6emEqeFANweSP

    Score: 10/10

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: out.upx
    • Size: 101KB
    • MD5: 744cea870017c251d7427f928d4ab3c6
    • SHA1: acba21062a63b62ae1715c6ac96f563c330dec16
    • SHA256: 93926f8dfb614873ece27c07aaa0ccab7fa8f3694a8799a14dea6387415e6fa2
    • SHA512: 7ac800c19c29980778a719ff722cdc37e07d43c38c9c8caa9afcdccd44e55523d13bd5a291c0f097a245c17f5dbee048a25fedc2f3a325f6ecfcf0c0c6c10713
    • SSDEEP: 1536:PzkzMy2546PtngS719+T0gdGpwW2XtaJp7fd8OUfB4VH9qNwpWw:AX2C29+4g8wW2XtO7l8OUGx9qNwp

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

    • File Deletion (T1107): 2

Discovery

    • Query Registry (T1012): 1
    • Peripheral Device Discovery (T1120): 1
    • System Information Discovery (T1082): 1

Impact

    • Inhibit System Recovery (T1490): 2
