General

  • Target: eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.zip
  • Size: 43KB
  • Sample: 230321-rxlehadb7x
  • MD5: 8d24855525b7e1518adf4c67f0d6c434
  • SHA1: 0a1a48d8631df9809f9121dbeab386302e64d863
  • SHA256: f54cb90bd6c57fffde84b00c514e0a8cc0b9e2dd62432496a57836dfdbfe58d0
  • SHA512: 9069ccf316ddac270a8786b0e61594aaff8927dbb7da40db87667dc4b0ab152f0fb0cf87e6a64ba5374679b5594cd04c63045131040919ba2cf2a1504f6c7d93
  • SSDEEP: 768:kUtcrL6QwfXvP55+cGvd4MjcpHZA+ssb+hbTKLR12xi1cxlM6M52ORwz:knrL6Q23+cGOicp5AxlbJWcxlMt0O6z

Score
10/10

Malware Config

Targets

    • Target: eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe.exe
    • Size: 101KB
    • MD5: b7b5e1253710d8927cbe07d52d2d2e10
    • SHA1: 596f1fdb5a3de40cccfe1d8183692928b94b8afb
    • SHA256: eae876886f19ba384f55778634a35a1d975414e83f22f6111e3e792f706301fe
    • SHA512: e56398bc1d27288504004486eb1b843f8c5462c5af3e4f076d5083890424a33149c402cb4da23b34d624746bbc0d15e1798427793d93ff93972ed081493d9b37
    • SSDEEP: 1536:YzkzMy2546PtngS719+T0gdGpwW2XtaJp7fd8OUfB4VH9qNwpWblz:RX2C29+4g8wW2XtO7l8OUGx9qNwp6

    Score
    10/10

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks