d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.zip

General
Target

d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.zip

Size

86KB

Sample

210121-3mlv3q5jpj

Score
10 /10
MD5

47e3a4fdd76d4ed34b0dccf86eee4f59

SHA1

66976a47b502b9e2ddca4d39f409496eeb184335

SHA256

1de446ec3ae6ed984e52bd031814ec1397eb5d4f26feb38da866e5b83f6468bd

SHA512

417ae8b92fa392c64bcc422878d1761308c83b2694453e56501b0f0dcfe49a40b28187a2431a96d200d5fafbf5309093f6f953fbfa8c9f615844f4782db8f1c2

Malware Config

Extracted

Path C:\readme.txt
Family conti
Ransom Note
All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through: Our email polzarutu1982@protonmail.com Our website TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : contirecovery.best YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP ---BEGIN ID--- sRttGzzkzsoiC9s8LgcrQk64ew7H47a5JSjCsLGbwdijogjulfu3RO9XBJbfEgCZ ---END ID---
Emails

polzarutu1982@protonmail.com

URLs

http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion

https://contirecovery.best

Targets
Target

d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c.exe

MD5

b3d6ba0aa663f699283d25ddcb6561b9

Filesize

208KB

Score
10 /10
SHA1

a1f27e6be62bf0af7d5bff447156b3413f0d97c8

SHA256

d3c75c5bc4ae087d547bd722bd84478ee6baf8c3355b930f26cc19777cd39d4c

SHA512

6d3b5f75169243f44247bb6ad32d6f68d937240e0d1711373012d696729a3e44ad21336e96a5548e11605412365ad4f53d2f5c798e74f204be2c16df5ae610ef

Tags

Signatures

  • Conti Ransomware

    Description

    Ransomware generally thought to be a successor to Ryuk.

    Tags

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Drops desktop.ini file(s)

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10

                      behavioral2

                      10/10