General
-
Target
56f74f8c33cfa60be0f3b8936978a6d31c3c57eb3e4e00bd7a794da9b3ecd7b3
-
Size
514KB
-
Sample
240909-x97q6axhqb
-
MD5
e16d9fea42a12e877198f687ee023e63
-
SHA1
5e84f5034c4372b8674eb4099da75c398c904955
-
SHA256
56f74f8c33cfa60be0f3b8936978a6d31c3c57eb3e4e00bd7a794da9b3ecd7b3
-
SHA512
2c9894f9abf9c3e7d544b6112510a689119fc0f118f614d86d868c1238fe696484d43e0a0a638c1f2a0c4d8b1a21fe524ffe2df6e6e06e6d7c206b69f57c7322
-
SSDEEP
3072:8vOXfbBI4++rye6iLfv7FizEPB5Oe4UKXqlc8Lm87wgZPzOmem0:nXzin6jwUKXSL/hLOH
Static task
static1
Behavioral task
behavioral1
Sample
56f74f8c33cfa60be0f3b8936978a6d31c3c57eb3e4e00bd7a794da9b3ecd7b3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
56f74f8c33cfa60be0f3b8936978a6d31c3c57eb3e4e00bd7a794da9b3ecd7b3.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Program Files (x86)\readme.txt
conti
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
https://contirecovery.ws
Targets
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Renames multiple (7955) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
-
Drops startup file
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores: 2
Credentials from Web Browsers: 1
Windows Credential Manager: 1
Unsecured Credentials: 1
Credentials In Files: 1