Overview

overview

10

Static

static

3402d9d20b...le.exe

windows7_x64

10

3402d9d20b...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample

  • Size

    185KB

  • Sample

    210928-y2vbjadafr

  • MD5

    1ac77c173fba7dd1475e84c50be35767

  • SHA1

    3fd475ff9035742ff45d8a85c05e0c3fca453326

  • SHA256

    3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c

  • SHA512

    e02ad3865e5790c17636f661f2a2aaab2ce5dd3efb78cb3402604fbd8cd058714fdba6dd78071c2710e99d2944f6607cba3545d0ca252fbdda4878d0a017f90f

Score
10/10
contiransomwarespywarestealer

Malware Config

Extracted

Path

C:\R3ADM3.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : https://contirecovery.info YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- KCunZoziQUNQoJta54VhbE7Y8PD8FPDSGWulQ3gvxuiG7SFE4tGY4mHcaYmlFZM2 ---END ID---
URLs

http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion

https://contirecovery.info

Targets

    • Target

      3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c.bin.sample

    • Size

      185KB

    • MD5

      1ac77c173fba7dd1475e84c50be35767

    • SHA1

      3fd475ff9035742ff45d8a85c05e0c3fca453326

    • SHA256

      3402d9d20bc4622a87c2533484fb98889a5a85bf3191192faf4ef8431f7a4b9c

    • SHA512

      e02ad3865e5790c17636f661f2a2aaab2ce5dd3efb78cb3402604fbd8cd058714fdba6dd78071c2710e99d2944f6607cba3545d0ca252fbdda4878d0a017f90f

    Score
    10/10
    contiransomwarespywarestealer

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks