Extracted

• • Target

    ba1f830702f0444eefb6cebfa052af5e6c2c6cfb6c2052cbbbe62ea0be05b9da

  • Size

    490KB

  • MD5

    5c543db6d893af1e320bec4787490e70

  • SHA1

    17b911525e0dc7c7c188dcfa8c376ad729b27a59

  • SHA256

    ba1f830702f0444eefb6cebfa052af5e6c2c6cfb6c2052cbbbe62ea0be05b9da

  • SHA512

    ff81bac8728b6bc6a4b5787bbbc2cb16f39a2f092e4fa9b09bae01671a5eb6c4dd2f0bb5dfc59f7b893181cedd1b816bf866f4f823e05ee3073f6f1eb1d6cffc

  • SSDEEP

    3072:D1ywyQ5Q6Bro3zJHfzypOH+xzVXpVHkK4jzeTCxaBgeU:MwyI5o3zJWPzTBOzeOahU

  Score

  10^/10

  contidiscoveryransomware

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (57) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops desktop.ini file(s)

  behavioral1behavioral2