General

  • Target: dd1c312400365691de6abd0b2ae79a671dea9a0aaddd354f720614716564d7d7
  • Size: 170KB
  • Sample: 220215-ylq9yaheg4
  • MD5: 214f847eb6323a6dc803265129ef9a66
  • SHA1: 250661ed898895dd76318247ddff29ebb0f99242
  • SHA256: dd1c312400365691de6abd0b2ae79a671dea9a0aaddd354f720614716564d7d7
  • SHA512: 481e28b21866caad255f23fb03806ec06e64bc95975131a8a63fe42e8745d9c509ebdaacc1b14070c45d5f7fcf88c240f679ce239f7009ab9aae1e0724dd6a6d

Score
10/10

Malware Config

Extracted

  • Path: C:\readme.txt
  • Family: conti

Ransom Note

All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/4x6g4UBjrVpH8czqO7zPYDjE5OvcwsWeiWO7cCokfyS1aP5tq3YQCKJR10myvR20 YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- 4x6g4UBjrVpH8czqO7zPYDjE5OvcwsWeiWO7cCokfyS1aP5tq3YQCKJR10myvR20 ---END ID---

URLs

http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/4x6g4UBjrVpH8czqO7zPYDjE5OvcwsWeiWO7cCokfyS1aP5tq3YQCKJR10myvR20

Targets

    • Target: dd1c312400365691de6abd0b2ae79a671dea9a0aaddd354f720614716564d7d7
    • Size: 170KB
    • MD5: 214f847eb6323a6dc803265129ef9a66
    • SHA1: 250661ed898895dd76318247ddff29ebb0f99242
    • SHA256: dd1c312400365691de6abd0b2ae79a671dea9a0aaddd354f720614716564d7d7
    • SHA512: 481e28b21866caad255f23fb03806ec06e64bc95975131a8a63fe42e8745d9c509ebdaacc1b14070c45d5f7fcf88c240f679ce239f7009ab9aae1e0724dd6a6d

    Score: 10/10

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks