Extracted

• • Target

    63061a372c41f5797f18dfeed166ec350e4029c46ad3c42ff79b8e284eb65ad6

  • Size

    1.0MB

  • MD5

    d3d9ad65fb3fb6f1eae29527b61ae7c0

  • SHA1

    cdaaa01b42d3b4a325c11fdd7779ade9044e9946

  • SHA256

    63061a372c41f5797f18dfeed166ec350e4029c46ad3c42ff79b8e284eb65ad6

  • SHA512

    171b12d4e345e67a4bfa43e2be66b5e18ccd61d2dee0f7b520c995595d62c258f1a4a865c8b8cdf6a9aa0c7b467eb10989b3ddc5291f4196e95276b94ba1cb7c

  • SSDEEP

    24576:nZeCB1cqVAtVi+0ZMdbIudTkvk7WCuwJLMBhRCLlX:n8UTMdkGBuHKX

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7914) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2