MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Conti


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7
SHA3-384 hash: df4b8654cfbd0479656273f03f8d8931882d11d82ac6a1ded946297aff3cb894a723a32320e58798a422755d8a50cbeb
SHA1 hash: ab31613ceb08db6aea6b90370e259be1e9243070
MD5 hash: 58b16b1ea734d18960927cd68040c72d
humanhash: nitrogen-bluebird-carolina-princess
File name:58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.bin
Download: download sample
Signature Conti
Create hunting rule
File size:200'704 bytes
First seen:2021-05-26 23:16:04 UTC
Last seen:2021-05-26 23:38:06 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c2a4becf8f921158319527ff0049fea9 (9 x Conti)
ssdeep 3072:CLJGBP1t82ETTwPAobQ3tOqmb14Gul22QZkN7S44EXZ50Rx6:gJEPCTwPp03YqyNulakHu6
Threatray 12 similar samples on MalwareBazaar
TLSH 77143A15B64E4634F25A98701AFC6DB354A89A38336FC8F7B3C9467D2A25AD27430F43
Reporter Arkbird_SOLG
Tags:conti Ransomware unpacked

Intelligence

File Origin
# of uploads :
2
# of downloads :
604
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7.bin
Verdict:
Malicious activity
Analysis date:
2021-05-26 23:23:17 UTC
Tags:
ransomware
Link:
https://app.any.run/tasks/1bc984d4-4772-4a17-93f2-948a769ab7fe

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Conti
Create hunting rule
Link:
https://www.capesandbox.com/analysis/162602/
Detection(s):
SecuriteInfo.com.Trojan.Encoder.33977.17642.25323.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Connection attempt
Creating a file
Changing a file
Creating a file in the Program Files directory
Moving a file to the Program Files directory
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying an executable file
Sending a UDP request
Reading critical registry keys
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Infecting executable files
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/792967
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 425363 Sample: aApAPc7wuj.bin Startdate: 27/05/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 6 aApAPc7wuj.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        file5 11 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 8->11 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7/
Threat name:
Win32.Ransomware.Cryptor
Create hunting rule
Status:
Malicious
First seen:
2021-05-26 23:16:09 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 47 (46.81%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ldfe4sbnw7hvzesck3st3biw2qroo3huxbnuhxbltoqmps2hd73q._file
Verdict:
malicious
Similar samples:
1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9
Conti
2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35
Conti
449668f18d2aa75cc9493090764722eb4f0843a8da1b354d4e2147c6d6393078
Conti
5fe77db174a5206b5387e2b86255bd008966b44632925351d9b3983438004eb1
Conti
7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd
Conti
a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
Conti
b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9
Conti
d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb
Conti
d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc
Conti
ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2
Conti
+ 2 additional samples on MalwareBazaar
Result
Malware family:
conti
Create hunting rule
Score:
  10/10
Tags:
family:conti ransomware spyware stealer
Link:
https://tria.ge/reports/210526-l2kg6w9n4a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Program Files directory
Drops desktop.ini file(s)
Reads user/profile data of web browsers
Modifies extensions of user files
Conti Ransomware
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Conti
Create hunting rule
Author:kevoreilly
Description:Conti Ransomware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Conti

Executable exe 59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d

Conti

Executable exe 58ca4e482db7cf5c924256e53d8516d422e76cf4b85b43dc2b9ba0c7cb471ff7

(this sample)

  
Dropped by
SHA256 59a9f0de96eff57768e995b296ae75778a232f30d95a7b7ab5048c621b50c66d
Cape
Cape
https://www.capesandbox.com/analysis/162602/

Comments