General

  • Target

    626a1863c6cb57977bf75596d78b51cb8208fadec3d68eba1dd7b5a3c88578ce

  • Size

    191KB

  • Sample

    220215-ym6q1sheh6

  • MD5

    7e10aded8fc55ad5d1fdbf20f7a96bc5

  • SHA1

    f514f0fd76e6f5cef392de083a10a2091031f36f

  • SHA256

    626a1863c6cb57977bf75596d78b51cb8208fadec3d68eba1dd7b5a3c88578ce

  • SHA512

    a04e7318d8f7e58e868653f507a61d68ae872bda831597d3a71c445649a918e5416a87aa730ce875b6af89763eab4df0ad1cad26a804a74fe9942665dfbe9c09

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note

All of your files are currently encrypted by CONTI ransomware.
If you try to use any additional recovery software - the files might be damaged or lost.
To make sure that we REALLY CAN recover data - we offer you to decrypt samples.
You can contact us for further instructions through:
Our website
TOR VERSION :
(you should download and install TOR browser first https://torproject.org)
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
HTTPS VERSION :
https://contirecovery.best
YOU SHOULD BE AWARE!
Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond.
So it will be better for both sides if you contact us ASAP
---BEGIN ID---
K2N1tSspdj6THjQ4ZES1GBdPX8V2f7P5unxYqgmCB2WizNnMfRVXq03p0BtFek3h
---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.best
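The hashes under General and the extracted note above are the indicators a responder actually works with: the digests to match a suspect binary against, and the note to pull the contact URLs and victim ID out of. The following is an added example, not code from the sandbox report or from its vendor. It hashes a file with the same four algorithms the report lists and compares them, and it parses a dropped note of the kind shown above. The function names (`digests_of_file`, `compare_digests`, `parse_conti_note`), the `ContiNote` record and the "encrypted by CONTI ransomware" marker are my own choices; `SAMPLE_NOTE` is constructed from the note text on this page.

```python
"""Triage helper for the indicators in this report (added example).

1. digests_of_file / compare_digests: hash a file on disk with md5, sha1,
   sha256 and sha512 and compare against the values the report lists.
2. parse_conti_note: parse a dropped C:\\readme.txt of the kind extracted
   above and recover the .onion and clearnet contact URLs and the victim ID.
"""
import hashlib
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Digests the report gives for the sample (lower-case hex).
REPORTED = {
    "md5": "7e10aded8fc55ad5d1fdbf20f7a96bc5",
    "sha1": "f514f0fd76e6f5cef392de083a10a2091031f36f",
    "sha256": "626a1863c6cb57977bf75596d78b51cb8208fadec3d68eba1dd7b5a3c88578ce",
    "sha512": "a04e7318d8f7e58e868653f507a61d68ae872bda831597d3a71c445649a918e5"
              "416a87aa730ce875b6af89763eab4df0ad1cad26a804a74fe9942665dfbe9c09",
}


def digests_of_bytes(data: bytes) -> dict:
    """Return the four hex digests of an in-memory byte string."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digests_of_file(path: str) -> dict:
    """Hash a file in 1 MiB chunks so large binaries need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(observed: dict, reported: dict = REPORTED) -> dict:
    """Per-algorithm match result (case-insensitive on the hex string)."""
    return {name: observed.get(name, "").lower() == value.lower()
            for name, value in reported.items()}


@dataclass
class ContiNote:
    is_conti: bool
    onion_urls: list
    clearnet_urls: list
    victim_id: Optional[str]


_URL_RE = re.compile(r"""https?://[^\s<>"']+""")
_ID_RE = re.compile(r"---BEGIN ID---\s*(\S+)\s*---END ID---")
# Marker keyed to the wording of the note on this page (assumption: other
# Conti note variants may phrase this differently).
_CONTI_RE = re.compile(r"encrypted by CONTI ransomware", re.IGNORECASE)


def parse_conti_note(text: str) -> ContiNote:
    """Split URLs into Tor hidden services and clearnet, and extract the ID."""
    onion, clear = [], []
    for raw in _URL_RE.findall(text):
        url = raw.rstrip(").,;")  # the note wraps the Tor link in parentheses
        host = urlparse(url).hostname or ""
        (onion if host.endswith(".onion") else clear).append(url)
    m = _ID_RE.search(text)
    return ContiNote(
        is_conti=bool(_CONTI_RE.search(text)),
        onion_urls=onion,
        clearnet_urls=clear,
        victim_id=m.group(1) if m else None,
    )


# Constructed from the ransom note shown on this page.
SAMPLE_NOTE = """All of your files are currently encrypted by CONTI ransomware.
You can contact us for further instructions through:
Our website TOR VERSION :
(you should download and install TOR browser first https://torproject.org)
http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/
HTTPS VERSION : https://contirecovery.best
---BEGIN ID---
K2N1tSspdj6THjQ4ZES1GBdPX8V2f7P5unxYqgmCB2WizNnMfRVXq03p0BtFek3h
---END ID---"""


if __name__ == "__main__":
    import sys
    # Usage: python triage.py [suspect.exe ...]  (files to hash and compare)
    for path in sys.argv[1:]:
        print(path, compare_digests(digests_of_file(path)))
    print(parse_conti_note(SAMPLE_NOTE))
```

Comparing all four digests rather than only the SHA256 is deliberate: reports and blocklists from different sources often carry only one of them, and a single mismatch on one algorithm with matches on the others points at a transcription error rather than a different file.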

Targets

    • Target

      626a1863c6cb57977bf75596d78b51cb8208fadec3d68eba1dd7b5a3c88578ce

    • Size

      191KB

    • MD5

      7e10aded8fc55ad5d1fdbf20f7a96bc5

    • SHA1

      f514f0fd76e6f5cef392de083a10a2091031f36f

    • SHA256

      626a1863c6cb57977bf75596d78b51cb8208fadec3d68eba1dd7b5a3c88578ce

    • SHA512

      a04e7318d8f7e58e868653f507a61d68ae872bda831597d3a71c445649a918e5416a87aa730ce875b6af89763eab4df0ad1cad26a804a74fe9942665dfbe9c09

    Score
    10/10

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)
