General
-
Target
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d
-
Size
510KB
-
Sample
240909-vpe5aszcpk
-
MD5
70d6d4600ad7a386af73f075f8bf1a0f
-
SHA1
5039dd23d9bf702bb8f0cd41999bbb2cb5f2d062
-
SHA256
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d
-
SHA512
168aa83fcea20e2e859c56c39c9eeeb2d117230427d740d97fe9838f36604bd87ea8e0a16849c0787b0c750df09decb8b5b8497d685aa721ed22ba78a44b61eb
-
SSDEEP
3072:SQkg5cAzJkv06HGaVpiehqpGDYwAM/cNfK89j8Qa34o7dVxt:SEcuVqTATicDNYVb
Static task
static1
Behavioral task
behavioral1
Sample
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Program Files (x86)\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
-
-
Target
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d
-
Size
510KB
-
MD5
70d6d4600ad7a386af73f075f8bf1a0f
-
SHA1
5039dd23d9bf702bb8f0cd41999bbb2cb5f2d062
-
SHA256
0c81c3f11ecfe18cbf1d84e179b73ece5e2564c88e423cdc31d674f3d5300e5d
-
SHA512
168aa83fcea20e2e859c56c39c9eeeb2d117230427d740d97fe9838f36604bd87ea8e0a16849c0787b0c750df09decb8b5b8497d685aa721ed22ba78a44b61eb
-
SSDEEP
3072:SQkg5cAzJkv06HGaVpiehqpGDYwAM/cNfK89j8Qa34o7dVxt:SEcuVqTATicDNYVb
Score10/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (8008) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
Drops desktop.ini file(s)
-