General

  • Target

    6ee0ab481d61828f19c749809d2623aad295042228da1148643d7c656ab3632f

  • Size

    194KB

  • Sample

    220215-ymw7ksagfk

  • MD5

    5c8cf8fd1fa4b05f8dd9fed35d43d678

  • SHA1

    e25ae9df2f0541c033967bbbc3053a1474af11c3

  • SHA256

    6ee0ab481d61828f19c749809d2623aad295042228da1148643d7c656ab3632f

  • SHA512

    5a1900ee7d052f6775dc546b35d1a83636683028c61a5e7e69feefa4e73d7458f4f94b702489f1ce53821830be7e41597889e0735d33e0243eec6ad4c05d237c

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.click YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- 7PPc2qVdeAzQ3HuUMVy7CmF248JCEZfO76lSkvis3mfDlYjgKFw8u7tEco0dQc0d ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.click

Targets
    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

MITRE ATT&CK Matrix

Tasks