Overview

overview

10

Static

static

a47d7ff360...in.dll

windows7_x64

10

a47d7ff360...in.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a47d7ff36064cab056d56dca4c466b4e98b331e4aed1d7aee2790cb9a94b1793.bin

  • Size

    190KB

  • Sample

    211216-weld1acfb3

  • MD5

    b1df6d854a85cc516b17c297e52961c7

  • SHA1

    b63cca38c6d715f7614f4bce1dcca60585e90731

  • SHA256

    a47d7ff36064cab056d56dca4c466b4e98b331e4aed1d7aee2790cb9a94b1793

  • SHA512

    472f4370e311b56db229f212f122dd925294462f5d265eed4f711fcc2e2058ca47caa031010732c3156326ee29b2d0e41d7154b389d8b345ce0f0b05db6fc05e

Score
10/10
contiransomware

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through: Our website TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.click YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP ---BEGIN ID--- ooLEtq4RnoPZKxjArSg5my0k0vHQzC8h1DBCAikd1bSNyAhPoVlG2ENp7yAKbWbo ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.click

Targets

    • Target

      a47d7ff36064cab056d56dca4c466b4e98b331e4aed1d7aee2790cb9a94b1793.bin

    • Size

      190KB

    • MD5

      b1df6d854a85cc516b17c297e52961c7

    • SHA1

      b63cca38c6d715f7614f4bce1dcca60585e90731

    • SHA256

      a47d7ff36064cab056d56dca4c466b4e98b331e4aed1d7aee2790cb9a94b1793

    • SHA512

      472f4370e311b56db229f212f122dd925294462f5d265eed4f711fcc2e2058ca47caa031010732c3156326ee29b2d0e41d7154b389d8b345ce0f0b05db6fc05e

    Score
    10/10
    contiransomware

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks