[ MALWARE MUTEX INTELLIGENCE DATABASE ]
 ███████╗██╗   ██╗██╗██╗         ███╗   ███╗██╗   ██╗████████╗███████╗██╗  ██╗
 ██╔════╝██║   ██║██║██║         ████╗ ████║██║   ██║╚══██╔══╝██╔════╝╚██╗██╔╝
█████╗  ██║   ██║██║██║         ██╔████╔██║██║   ██║   ██║   █████╗   ╚███╔╝
██╔══╝  ╚██╗ ██╔╝██║██║         ██║╚██╔╝██║██║   ██║   ██║   ██╔══╝   ██╔██╗
 ███████╗ ╚████╔╝ ██║███████╗    ██║ ╚═╝ ██║╚██████╔╝   ██║   ███████╗██╔╝ ██╗
 ╚══════╝  ╚═══╝  ╚═╝╚══════╝    ╚═╝     ╚═╝ ╚═════╝    ╚═╝   ╚══════╝╚═╝  ╚═╝

Advanced Malware Analysis & Threat Intelligence

06:17:09
[ALL_FAMILIES]

Contacto

ransomware1 mutex signatures

[BASIC_INFORMATION]

FAMILY_NAME:
Contacto
CATEGORY:
RANSOMWARE
DESCRIPTION:
Contacto is a new ransomware strain that surfaced in early January 2025, featuring advanced evasion techniques to bypass conventional security measures. It uses sophisticated threading models for efficient file encryption and employs various privilege escalation methods to maximize system control.
TAGS:
file_encryptionprivilege_escalationav_evasionthreading_modelmutex_protection

[MUTEX_SIGNATURES](1)

[MUTEX_01]
Global\ContactoMutex
ANALYST: @adhikara13 DATE: 2025-01-22
REFERENCES:
https://app.any.run/tasks/917a636f-aed8-4368-81a6-1ee2634c50ec
https://gbhackers.com/new-contacto-ransomware-evades-av-detection

[QUICK_ACTIONS]

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2025

[SIGMA_RULE]

[STATISTICS]
MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:0
TAGS:5
CATEGORY:RANSOMWARE
 Malware profile loaded successfully 
 EvilMutex Project v1.0.0 
 Open Source Threat Intelligence Database 
[GITHUB][DOCS]