General
-
Target
4fb16b9c430a956f1020e1da670aaeeb6115adfcbd8730b192663958280ebff9
-
Size
1.6MB
-
Sample
240831-258vwa1bnl
-
MD5
bb43270865fd4781a816649a6cf3221f
-
SHA1
18f54001539a7f33905e74f52a882f8dd2b37d78
-
SHA256
4fb16b9c430a956f1020e1da670aaeeb6115adfcbd8730b192663958280ebff9
-
SHA512
3db3fde86da2e2be42736d91701a9f7209eb805b78054bfd7734b712c02c3b6bc3f4dfa866141e45e79948f75296385ad5fd75b542b096615c54fcb0441093b1
-
SSDEEP
49152:t2lJNf+YDupmX35m2e8S9zMyzKG+XvvBia:t0GYCg0mTyzKG+XXx
Static task
static1
Behavioral task
behavioral1
Sample
217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Program Files (x86)\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.best
Targets
-
-
Target
217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48
-
Size
2.0MB
-
MD5
1c37c947943a928e5378931ca23d3379
-
SHA1
570eead825c666609b7f7d94de4ff90a86cacb94
-
SHA256
217d101b037020cbcdd9fb7e67b2dae7ed3e8467b0dad1ca1ac0a160dc39fb48
-
SHA512
70b16ed622c6cbf75e1e20c08f6415e0ed055c1b1ac9528e98713079bc93eefde4c67a06b8ba20265eafeeb7eb25c21c20f6d74ad00896533638ef6759683ace
-
SSDEEP
49152:0/PdqNddtNfBTXtF7tcEXwNBn+fxl7LI4mfe7mEttebsA8EnqN2U:0/PQNdjjtF7rSn+7LCfLE/eJH
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (7993) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Drops desktop.ini file(s)
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1