Extracted

• • Target

    418883200e3ba973c65013588c714abfa984e8fe1d9bc3697bb7796089ab9fbd

  • Size

    373KB

  • MD5

    cd0795c8b2bb7a19e10f06f8d23face4

  • SHA1

    3e73188e446dcdc5796fc904e8bb6768a787a9e0

  • SHA256

    418883200e3ba973c65013588c714abfa984e8fe1d9bc3697bb7796089ab9fbd

  • SHA512

    4ebd157f5ceb4cf98c6e417ab38c547c4684c3063cc8cd3b6af47d6f5d2615257ac944a4bddc312dffeac6ee4ee4d55090f9cc5f973976e29ddf14775c3d30a7

  • SSDEEP

    6144:4u3961zes6RBIkXi5ts0lnt4Zz4ByevEPzgpDxceGxImYMSbf/mEmbwX5elm7Dm:DJrB3SRt4ZzEiPzaFceG2DDX0F

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7981) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2