General

  • Target

    d826f4cb8240f894e43fea3c84b14fd85be9758d7ad4eafa113ad7d45c30bc26

  • Size

    120KB

  • Sample

    221223-ry1wksbg5w

  • MD5

    2728cc27bed3e893827ad3442920f13f

  • SHA1

    bd79a5123e03fd09217103ef9740ca9b52047ec1

  • SHA256

    d826f4cb8240f894e43fea3c84b14fd85be9758d7ad4eafa113ad7d45c30bc26

  • SHA512

    5994ab245b9233035eeb2292df2018d8ca1c9243f80a7621a6fa141ecc1add2bf76bbca7b9ed5ef14412012286bc54e8892f367dc9c80d975f6b948a3f4275b7

  • SSDEEP

    1536:Zkf1uAy9LBGngS719+T0gdGpwW2XtaJp7fd8OUfB4VHrqragVWz:OfVyG9+4g8wW2XtO7l8OUGxrqra9

Score
10/10

Malware Config

Targets

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks