General

  • Target

    ee8a90ef7dd9c51deef64cd7ac4b737b3c871b1605f4a5bfb11cba9f850be014.bin.sample

  • Size

    195KB

  • Sample

    210922-ntssmafacq

  • MD5

    b025e8de3f4d48df053c481639f9a1d5

  • SHA1

    97bbf3c297625fce876c2997002744a283bb680a

  • SHA256

    ee8a90ef7dd9c51deef64cd7ac4b737b3c871b1605f4a5bfb11cba9f850be014

  • SHA512

    52ce449b24ffba6f10d5487e3f24382952f83b64922a7f66818926d88a468b614d5a4936ea63e28a6ae40759d1157f2c81272caf8dee1f3e9491821906236c39

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.xyz/ YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- u7ame3Mj0r6pb7e1N8DVDq0TdvhNAzuz5E5zQGYRjJd1BS9J7WwQWtdaRn7m0qeb ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.xyz/

Targets

    • Target

      ee8a90ef7dd9c51deef64cd7ac4b737b3c871b1605f4a5bfb11cba9f850be014.bin.sample

    • Size

      195KB

    • MD5

      b025e8de3f4d48df053c481639f9a1d5

    • SHA1

      97bbf3c297625fce876c2997002744a283bb680a

    • SHA256

      ee8a90ef7dd9c51deef64cd7ac4b737b3c871b1605f4a5bfb11cba9f850be014

    • SHA512

      52ce449b24ffba6f10d5487e3f24382952f83b64922a7f66818926d88a468b614d5a4936ea63e28a6ae40759d1157f2c81272caf8dee1f3e9491821906236c39

    Score
    10/10
    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

MITRE ATT&CK Matrix

Tasks