Extracted

• • Target

    da05567a6e292ab184169166ca230edaf3e8e9bc5effcb649901f589105b1b3a

  • Size

    511KB

  • MD5

    3d9ff7ab008e83fa73805d2fb279b5e1

  • SHA1

    ab25c30a8afd284f407b38282a54ccc4405f7ae4

  • SHA256

    da05567a6e292ab184169166ca230edaf3e8e9bc5effcb649901f589105b1b3a

  • SHA512

    9813558af0585c842f5048174ab7c97f2fc18e6bc28dddec3d485142939f036a32e1017bf8bd9fe6e84851100dbe3f0adb969d8547db93ff027473cea2c0a47f

  • SSDEEP

    3072:ya23a5c8ZAdXWY7s/OJpAGiVBzoCeRZdxOnHiF2GBh3RkiBRK90fTXc:ya23a5c8Z88/Yad7e2uHP3K0c

  Score

  10^/10

  contidiscoveryransomware

  • Conti Ransomware

    Ransomware generally thought to be a successor to Ryuk.

    ransomwareconti

  • Renames multiple (70) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Drops desktop.ini file(s)

  behavioral1behavioral2