Extracted

• • Target

    e27ef38f995ea3a2a1ebd7f686adb0a699f3fe893d942967b78bdf71f0095219

  • Size

    473KB

  • MD5

    5dd814636f034cca43d05bd92c493176

  • SHA1

    c3e40e07bab8fcdc5030883cd2557ba4bf0d0f32

  • SHA256

    e27ef38f995ea3a2a1ebd7f686adb0a699f3fe893d942967b78bdf71f0095219

  • SHA512

    49a38d6664e4251bbd8f1a8db9d3568fcee7033f94e5e04ea8cafa4e949d81e31dc94bb2d66a827f8a5870d4c351c644e3d67e20df75cf77a0aec54f67e3f583

  • SSDEEP

    6144:lDRVAtdEj1hVuEx8imwetoxktt9IIhj8nJtkx9JUvcmlVs0OmnG38/c9Hg:GuhVuEx7OoxkttGIx8HlCBX3

  Score

  10^/10

  contiransomwarespywarestealer

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (7370) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  behavioral1behavioral2