General

  • Target

    73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3

  • Size

    189KB

  • Sample

    220215-ymrxvsheh3

  • MD5

    811c6de9ce787c8d540a09795a5673c1

  • SHA1

    604eb2e2d9573143730210fd57bda01c59447080

  • SHA256

    73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3

  • SHA512

    9a319f7073566269656e2fe98edd712718976fdcc614a8b583199b0036d0511e37fcecec1cfe3f0c6db87b61f69d1d389e37b70f24e0fe658f3ea122e2c43c1a

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through: Our email [email protected] Our website TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion HTTPS VERSION : https://contirecovery.best YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP ---BEGIN ID--- haUoPaqUZL8kH4VW9Qph2r40fLnAavX1Se2tGYNKcp0BjNP4rxfcVgiyoJfzehMO ---END ID---
URLs

http://m232fdxbfmbrcehbrj5iayknxnggf6niqfj6x4iedrgtab4qupzjlaid.onion

https://contirecovery.best

Targets

    • Target

      73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3

    • Size

      189KB

    • MD5

      811c6de9ce787c8d540a09795a5673c1

    • SHA1

      604eb2e2d9573143730210fd57bda01c59447080

    • SHA256

      73bd8c2aa71f5dcd9d2ddd79e53656c6ae3db2535e08cf9dab1cd13bdd6d5ea3

    • SHA512

      9a319f7073566269656e2fe98edd712718976fdcc614a8b583199b0036d0511e37fcecec1cfe3f0c6db87b61f69d1d389e37b70f24e0fe658f3ea122e2c43c1a

    Score
    10/10
    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix

Tasks