General
-
Target
3dd56e8cb09469eeae1737ce1f7a2414ce7a2d019e685cd80f81e1fea56758ba
-
Size
514KB
-
Sample
240909-s1lp4swakr
-
MD5
a9989d691d4a509fba4fbc2a26bcb54f
-
SHA1
0e7e0d1ae5ec4d691de59892aa45ee80069e079d
-
SHA256
3dd56e8cb09469eeae1737ce1f7a2414ce7a2d019e685cd80f81e1fea56758ba
-
SHA512
eeae35103e66711cd8015ff4d0ee3c36eb030b5b6f326177075f5a02328ead68ebcad3f839ae3ef50bf8e4444aa9c597bd9b8ba25989ba1a2de9722d29f2b429
-
SSDEEP
3072:fvOXfbBI4++rye6iLfv7FizEPB5Oe4UKXqlc8Lm87wgZPyzOmem0:eXzin6jwUKXSL/hIOH
Malware Config
Extracted
C:\Program Files (x86)\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.click
Targets
-
-
Target
3dd56e8cb09469eeae1737ce1f7a2414ce7a2d019e685cd80f81e1fea56758ba
-
Size
514KB
-
MD5
a9989d691d4a509fba4fbc2a26bcb54f
-
SHA1
0e7e0d1ae5ec4d691de59892aa45ee80069e079d
-
SHA256
3dd56e8cb09469eeae1737ce1f7a2414ce7a2d019e685cd80f81e1fea56758ba
-
SHA512
eeae35103e66711cd8015ff4d0ee3c36eb030b5b6f326177075f5a02328ead68ebcad3f839ae3ef50bf8e4444aa9c597bd9b8ba25989ba1a2de9722d29f2b429
-
SSDEEP
3072:fvOXfbBI4++rye6iLfv7FizEPB5Oe4UKXqlc8Lm87wgZPyzOmem0:eXzin6jwUKXSL/hIOH
Score10/10-
Conti Ransomware
Ransomware generally thought to be a successor to Ryuk.
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (839) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
2Credentials from Web Browsers
1Windows Credential Manager
1Unsecured Credentials
1Credentials In Files
1