MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Conti


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd
SHA3-384 hash: fac2e2d98597ba3601047c24fa32eb5a16a045f7ca5a23c38000130bc3cd3560f84f2a653ec026fcf1ab194d1f780b26
SHA1 hash: b0ed1c13d6472c8b8bd88aba5cd007576d051802
MD5 hash: 6a0836ebb8fa74190ecea8ceca6321ee
humanhash: potato-bluebird-early-oklahoma
File name:6a0836eb_by_Libranalysis
Download: download sample
Signature Conti
Create hunting rule
File size:195'072 bytes
First seen:2021-05-25 12:02:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c2a4becf8f921158319527ff0049fea9 (9 x Conti)
ssdeep 3072:mbgz9OJcW+b7d55P96aqwKDpi68oLlmqMVHKXhtK+Ux/fcVIT5xa:59uQb7V9KwKDpiSLl6B6hmp3Pa
Threatray 27 similar samples on MalwareBazaar
TLSH 31145C14B24D4675F26A58B02AFC69B354BC6938335FD8F7B7CA86781A256D23530F03
Reporter Libranalysis
Tags:conti


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
386
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Conti
Create hunting rule
Link:
https://www.capesandbox.com/analysis/161900/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Connection attempt
Sending a UDP request
Creating a file
Changing a file
Creating a file in the Program Files directory
Moving a file to the Program Files directory
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying an executable file
Reading critical registry keys
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Result
Threat name:
Conti
Create hunting rule
Detection:
malicious
Classification:
rans.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/791533
Signature
Antivirus / Scanner detection for submitted sample
Found potential dummy code loops (likely to delay analysis)
Found ransom note / readme
Found Tor onion address
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Writes many files with high entropy
Yara detected Conti ransomware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd/
Threat name:
Win32.Ransomware.Conti
Create hunting rule
Status:
Malicious
First seen:
2021-05-21 22:48:57 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pssxk5wgull5x5e7v2x5jacmnodntl3774jzbrmkgdvz3g7s7p6q._file
Verdict:
malicious
Similar samples:
1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9
Conti
2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35
Conti
3ea09802079d790782124b9dc0c316bf7f2d511446d15d4bbafe2cfd12790fd7
Conti
449668f18d2aa75cc9493090764722eb4f0843a8da1b354d4e2147c6d6393078
Conti
5147cc9e017cf25a77dc8268626d9b4002062eb8460a6885d81b986a69ed9b73
Conti
a332a53516bbd501c46a867039166f1c1cb1f140961758ecc7cbcdaeb859e6ce
Conti
a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
Conti
b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9
Conti
d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc
Conti
fb05ebddc4ce8d73654893517771633cb779654d9ff9025bfbc918cccf8f3bbf
Conti
+ 17 additional samples on MalwareBazaar
Result
Malware family:
conti
Create hunting rule
Score:
  10/10
Tags:
family:conti ransomware spyware stealer
Link:
https://tria.ge/reports/210525-2ydgksxw8s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Drops desktop.ini file(s)
Drops startup file
Reads user/profile data of web browsers
Modifies extensions of user files
Conti Ransomware
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Conti
Create hunting rule
Author:kevoreilly
Description:Conti Ransomware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/161900/

Comments