Overview

overview

10

Static

static

sample.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    767ab6e3cf7f6251e76b0f6d3c9812d738f24382d3057c627902d9402b722dbc.bin.sample.gz

  • Size

    563KB

  • Sample

    220225-agdlaadhg8

  • MD5

    5cb2359ea76d7b7aa9f54fa3e167ce38

  • SHA1

    dee88e98f68b563956bdd5edddc7ff0df3065957

  • SHA256

    64485b3ea7ab067e7a83611f8c4caaf74482cdacb8a41bf118d967de3f1b51b2

  • SHA512

    07a803136c07aeb93f0c876c3fe7226ecb9ba5b55054bab5d271fa7c09cba0b60a13df8f94c9f365cc0509333550b483736090efe4514596c8dd9d621a6d7a48

Score
10/10
contiransomware

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.top/ YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- CxqsKPQtbmCMPHCmjI4dqIuIRc9DjFvMh1OMQQOsIWwRKAZu2tyC6F8cPDPYDtcD ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.top/

Targets

    • Target

      sample

    • Size

      563KB

    • MD5

      b1c42bc4f6b0ceeb90853b69879b7a1b

    • SHA1

      895dc9a571f74b6515d82974b3591de7e3378079

    • SHA256

      767ab6e3cf7f6251e76b0f6d3c9812d738f24382d3057c627902d9402b722dbc

    • SHA512

      6412a5ab81a7cbfbe4d47103bd63f05c3eb78fa9d0a94f6785e652a8d8c13e418dc32f59d26a6703e567ebe1801cfe6fc45a94f4e4a7e938d276f8e9664cfb5b

    Score
    10/10
    contiransomware

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Matrix

Tasks