fe08a3036d6573fb430a69485ebfe405aad2cffef415c6f0a82e1704abb1f801 | Triage

Resubmissions

14-03-2024 15:25

240314-stkt8sfe8w 9

14-03-2024 14:53

240314-r9dv7aha48 9

Sharing

General

Target

Conti.exe
Size

56KB
Sample

240314-r9dv7aha48
MD5

1dee922fe62638c78c9cedb46dbeba2d
SHA1

c85f75cc9a37f190fe242e5c6f518be46ee66361
SHA256

fe08a3036d6573fb430a69485ebfe405aad2cffef415c6f0a82e1704abb1f801
SHA512

bc3e29e92a4e52d452b6d5bcca7c15f9e27157cd00c2ed2fcdc91f4b15dbb5748016e0e742ce71b825872e0b0fb41595ce41288542589340a86bc61c9a36b7ef
SSDEEP

768:+iJHRkQmAP4Fr8fj8fGETs1Nts5C2wZrzCYQtNQZZ9UI0Lb/3IY4WdO+5:tVaAPpLMGksRsE/CYCFv4b+

Score

9^/10

ransomware spyware stealer

Malware Config

Targets

- Target
  
  Conti.exe
- Size
  
  56KB
- MD5
  
  1dee922fe62638c78c9cedb46dbeba2d
- SHA1
  
  c85f75cc9a37f190fe242e5c6f518be46ee66361
- SHA256
  
  fe08a3036d6573fb430a69485ebfe405aad2cffef415c6f0a82e1704abb1f801
- SHA512
  
  bc3e29e92a4e52d452b6d5bcca7c15f9e27157cd00c2ed2fcdc91f4b15dbb5748016e0e742ce71b825872e0b0fb41595ce41288542589340a86bc61c9a36b7ef
- SSDEEP
  
  768:+iJHRkQmAP4Fr8fj8fGETs1Nts5C2wZrzCYQtNQZZ9UI0Lb/3IY4WdO+5:tVaAPpLMGksRsE/CYCFv4b+
Score

9^/10

ransomware spyware stealer
- Renames multiple (7904) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer