General

  • Target

    74aa5ff53c56c0eaf29d4fce536a55fa42d55cffa77b83671f8ef5bfa958665d

  • Size

    100KB

  • Sample

    220215-ympshaageq

  • MD5

    f4605fc52ce92a0072f988a2b52a60d6

  • SHA1

    d8fa71bd556d507ad8e8f1decb3db9f8176bf5e4

  • SHA256

    74aa5ff53c56c0eaf29d4fce536a55fa42d55cffa77b83671f8ef5bfa958665d

  • SHA512

    64ffe9485d43fe86adad08251cb1c656aae839a4579a06fc12f584832bcfc438ac6cd9af4213489bdcc524b7aa927ee16cbde6b708be99aa1450ea045b3ec375

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.best YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- 1FRzMJVwqKYCJtL0JfSFSwKnsVTjUuAwkA2PxjPiRNqNR11KjqUR9LbNpfFUCEpw ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.best

Targets

    • Target

      74aa5ff53c56c0eaf29d4fce536a55fa42d55cffa77b83671f8ef5bfa958665d

    • Size

      100KB

    • MD5

      f4605fc52ce92a0072f988a2b52a60d6

    • SHA1

      d8fa71bd556d507ad8e8f1decb3db9f8176bf5e4

    • SHA256

      74aa5ff53c56c0eaf29d4fce536a55fa42d55cffa77b83671f8ef5bfa958665d

    • SHA512

      64ffe9485d43fe86adad08251cb1c656aae839a4579a06fc12f584832bcfc438ac6cd9af4213489bdcc524b7aa927ee16cbde6b708be99aa1450ea045b3ec375

    Score
    10/10
    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks