conti | 641b1d30fa27dfc9fd79f93d90c937badeb151fbd1c37ad557aaa42ea298df35 | Triage

Sharing

General

Target

05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a.zip
Size

32KB
Sample

221129-hkprqaef79
MD5

a81b1a031f9fc4f822ab314713c15ed4
SHA1

fb89083401d3bb0aed1379a3dd54ac33a0976fb7
SHA256

641b1d30fa27dfc9fd79f93d90c937badeb151fbd1c37ad557aaa42ea298df35
SHA512

7734f48a2bf479348fb79a71bad1eba4651db75d2b246bb1c091ada72cc305fde6fefd3579a3f74f4378eda862cfa8ea79d3b6f3f55df1ba55edee9b83c5584e
SSDEEP

768:18THg0K9bQ5XKHSOtZfprCYKbqACB4lDg/+wLbWnYt0d:4QuX8SoZRj/+eW20d

Score

10^/10

conti ransomware upx

Malware Config

Targets

- Target
  
  05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a.exe
- Size
  
  36KB
- MD5
  
  ce3b141aa84f121127b37adecc908db8
- SHA1
  
  c761ca6f202558b752efa76058264f01065d8171
- SHA256
  
  05bbf1c653825b757ee73b59df45410070a28841819362462162d9547adb3d5a
- SHA512
  
  fe088ffc5e7962081fce6d28ac49b3b4821b71532f8b98550b942b13f10da96899f6a3e9dd7d84156842c85310da17564fdb983436e2549239d55db0c01f0aef
- SSDEEP
  
  768:V1KYiUlrhAJAfv123WP5HBVz6C0R64rmEq25FANwepk4E:V1vikrhAJAHsmBhp6/R6emEqeFANweSP
Score

10^/10

conti ransomware upx
- Conti Ransomware
  Ransomware generally thought to be a successor to Ryuk.
  ransomware conti
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2
- Target
  
  out.upx
- Size
  
  101KB
- MD5
  
  744cea870017c251d7427f928d4ab3c6
- SHA1
  
  acba21062a63b62ae1715c6ac96f563c330dec16
- SHA256
  
  93926f8dfb614873ece27c07aaa0ccab7fa8f3694a8799a14dea6387415e6fa2
- SHA512
  
  7ac800c19c29980778a719ff722cdc37e07d43c38c9c8caa9afcdccd44e55523d13bd5a291c0f097a245c17f5dbee048a25fedc2f3a325f6ecfcf0c0c6c10713
- SSDEEP
  
  1536:PzkzMy2546PtngS719+T0gdGpwW2XtaJp7fd8OUfB4VH9qNwpWw:AX2C29+4g8wW2XtO7l8OUGx9qNwp
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

contiransomwareupx

behavioral2

contiransomwareupx

behavioral3

behavioral4