MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Conti


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb
SHA3-384 hash: f9fb91d8260278c7d63afcfd3f5b0e40d6c425f23204b5a9c28b4d63404940cca50666ab108a92c89a86d8c55f6d85c2
SHA1 hash: 2c55136adea386bc08e3b247be3ebb7bb035ed97
MD5 hash: c8324f3d3e3f5a41a1ce4ba000bd5706
humanhash: stream-spaghetti-harry-skylark
File name:c8324f3d_by_Libranalysis
Download: download sample
Signature Conti
Create hunting rule
File size:200'704 bytes
First seen:2021-05-25 12:01:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c2a4becf8f921158319527ff0049fea9 (9 x Conti)
ssdeep 3072:0v/kcVlisNUsKjPYtX1GeneH4NKN5V/4xeN2uo0UMNRK44EXzDo7x6:m/kGliZsnX1GeeYNmXyagjMhm6
Threatray 13 similar samples on MalwareBazaar
TLSH 0F143A11B64E4674F25998702AFC6EB754E89A38331FC8E773C9867D5A25AC27470F03
Reporter Libranalysis
Tags:conti


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
369
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
unpacked.bin
Verdict:
Malicious activity
Analysis date:
2021-05-20 17:02:07 UTC
Tags:
ransomware
Link:
https://app.any.run/tasks/ddb16dcc-1785-4e18-bbe2-092784965fc9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Conti
Create hunting rule
Link:
https://www.capesandbox.com/analysis/161899/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Connection attempt
Sending a UDP request
Creating a file
Changing a file
Creating a file in the Program Files directory
Moving a file to the Program Files directory
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Modifying an executable file
Reading critical registry keys
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/791523
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 423919 Sample: c8324f3d_by_Libranalysis Startdate: 25/05/2021 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 c8324f3d_by_Libranalysis.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb/
Threat name:
Win32.Ransomware.Conti
Create hunting rule
Status:
Malicious
First seen:
2021-05-21 03:30:12 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
23 of 28 (82.14%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=2ftelphet2rufrfu6wx2h5yrx4fdtbveu42u7fxsjiq7cyp767fq._file
Verdict:
malicious
Similar samples:
1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9
Conti
2fc6d7df9252b1e2c4eb3ad7d0d29c188d87548127c44cebc40db9abe8e5aa35
Conti
4cda70bf04bac75f54e6a2742a111659d9eff5d80c91ac073b3f1dfba34bccd1
Conti
68f9789527e83e614dc50e0279316745c15b43c7f72f8e7c5d4b99d8a656ff12
Conti
7ca57576c6a2d7dbf49faeafd4804c6b86d9af7fff1390c58a30eb9d9bf2fbfd
Conti
a5751a46768149c5ddf318fd75afc66b3db28a5b76254ee0d6ae27b21712e266
Conti
b524ed1cc22253f09d56f54d8ded4566b63352ff739f58de961f8a5bebb0fad9
Conti
be905b9aac897739d22c1078e60be1111efc7a9ec25e205d664e03a59730dbea
Conti
d21c71a090cd6759efc1f258b4d087e82c281ce65a9d76f20a24857901e694fc
Conti
ef2cd9ded5532af231e0990feaf2df8fd79dc63f7a677192e17b89ef4adb7dd2
Conti
+ 3 additional samples on MalwareBazaar
Result
Malware family:
conti
Create hunting rule
Score:
  10/10
Tags:
family:conti ransomware spyware stealer
Link:
https://tria.ge/reports/210525-htfh7gncbs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in Windows directory
Drops desktop.ini file(s)
Drops startup file
Reads user/profile data of web browsers
Modifies extensions of user files
Conti Ransomware
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d16645bce49ea342c4b4f5afa3f711bf0a3986a4a7354f96f24a21f161fff7cb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Conti
Create hunting rule
Author:kevoreilly
Description:Conti Ransomware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/161899/

Comments