General
Target: 132f4e074a4739dfb574b8d32d3f9ddd70a1506dd76bae33ced3ed87d1f3695e
Size: 515KB
Sample: 240909-tgfv7axanp
MD5: b9c56e7c05c5861cecbc3d99bf056c6a
SHA1: 1306b87b4ffbe513e19225d0bf5719f5f078e077
SHA256: 132f4e074a4739dfb574b8d32d3f9ddd70a1506dd76bae33ced3ed87d1f3695e
SHA512: 846666b9c0dc106931e7cbca61d759bc75aac5083bed636b8f00a9d2649c2f0d428515fd0d38e8f9d5879994681c97ce7c7d56031e0e821702240f4a6f54a96a
SSDEEP: 3072:HzyJa/EBc2jrORnQssIJZYKcgtHhGk528yJKY8/d7epmB98g89QP2EKO0+5Wk:HzymEBc2jMQsdJdBgHJ+/dB9rP2v+5R
Static task: static1
Behavioral task: behavioral1
  Sample: 132f4e074a4739dfb574b8d32d3f9ddd70a1506dd76bae33ced3ed87d1f3695e.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 132f4e074a4739dfb574b8d32d3f9ddd70a1506dd76bae33ced3ed87d1f3695e.exe
  Resource: win10v2004-20240802-en
Malware Config
Extracted: C:\Program Files (x86)\readme.txt
Family: conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.xyz/
Targets
Target: 132f4e074a4739dfb574b8d32d3f9ddd70a1506dd76bae33ced3ed87d1f3695e
Score: 10/10
Renames multiple (130) files with added filename extension
This suggests ransomware activity: the files on the system are being encrypted.