Overview

overview

10

Static

static

dbc76355c5...le.exe

windows7_x64

10

dbc76355c5...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.bin.sample

  • Size

    208KB

  • Sample

    210928-lmldvsbfaj

  • MD5

    a8ff5d8b106c677713362bc7565cb0fb

  • SHA1

    ee29eaf5a39715f02d1b2c2e518ae14cc338d7c3

  • SHA256

    dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38

  • SHA512

    d48d0326dc481a2d8ae02c5acf13380397079d0ea286fe1c591ee1da8b10bc40a50a2d6fbd899832bcfd0eb9af6fc6ecaa6026fbdc80070b647dbcef7206ce01

Score
10/10
contiransomwarespywarestealer

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through: Our email polzarutu1982@protonmail.com Our website TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : contirecovery.best YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP ---BEGIN ID--- sRttGzzkzsoiC9s8LgcrQk64ew7H47a5JSjCsLGbwdijogjulfu3RO9XBJbfEgCZ ---END ID---
Emails

polzarutu1982@protonmail.com

URLs

http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion

https://contirecovery.best

Targets

    • Target

      dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38.bin.sample

    • Size

      208KB

    • MD5

      a8ff5d8b106c677713362bc7565cb0fb

    • SHA1

      ee29eaf5a39715f02d1b2c2e518ae14cc338d7c3

    • SHA256

      dbc76355c56a885a1475174fb5325d61b875fd6207ef465cae05617b49463a38

    • SHA512

      d48d0326dc481a2d8ae02c5acf13380397079d0ea286fe1c591ee1da8b10bc40a50a2d6fbd899832bcfd0eb9af6fc6ecaa6026fbdc80070b647dbcef7206ce01

    Score
    10/10
    contiransomwarespywarestealer

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks