conti | 1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24 | Triage

Submit
Reports

Overview

overview

Static

static

1ef1ff8b1e...in.exe

windows7_x64

1ef1ff8b1e...in.exe

windows10_x64

Sharing

General

Target

1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.bin
Size

101KB
Sample

200826-k8ykljftvn
MD5

42e106fd843b0e3585057c30424f695a
SHA1

7b7f0c029a3dcb34a7a448f05b43c5657dd0c471
SHA256

1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24
SHA512

70acd1c36f44bfa4bb6c4dbf40275e2d508e5a610117de2835435a95950549b33c89b012ea3772c85d6189ee06b575bbe193cbe0aa8fb1a8ad9f4a20192e0ae8

Score

10^/10

conti ransomware

Static task

static1

Behavioral task

behavioral1

Sample

1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.bin.exe

Resource

win7

conti ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.bin.exe

Resource

win10v200722

conti ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24.bin
- Size
  
  101KB
- MD5
  
  42e106fd843b0e3585057c30424f695a
- SHA1
  
  7b7f0c029a3dcb34a7a448f05b43c5657dd0c471
- SHA256
  
  1ef1ff8b1e81815d13bdd293554ddf8b3e57490dd3ef4add7c2837ddc67f9c24
- SHA512
  
  70acd1c36f44bfa4bb6c4dbf40275e2d508e5a610117de2835435a95950549b33c89b012ea3772c85d6189ee06b575bbe193cbe0aa8fb1a8ad9f4a20192e0ae8
Score

10^/10

conti ransomware
- Conti Ransomware
  Ransomware generally thought to be a successor to Ryuk.
  ransomware conti
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

contiransomware

behavioral2

contiransomware

© 2018-2024

Terms | Privacy