Resubmissions

04-03-2022 15:10    220304-sj455agfhl    10

02-03-2022 15:53    220302-tbqs7sfea5    10

General

  • Target: fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847
  • Size: 158KB
  • Sample: 220302-tbqs7sfea5
  • MD5: 4db7ef3cf6080d5e24b98a8581d32bef
  • SHA1: 00ff8c9e268188ae0e0ab8622c141774448cee67
  • SHA256: fca8d48afa7e5535fb71fd22225e86602d47dcfa5a4924fcbc33aecd9c945847
  • SHA512: a626b8191d6326273c15008ce6f23bf31c815da7b843068149d094049197f0395d605ac10bb2c37ad1912e7e0f1f9d5c31894f614255ce45a1005cfb0f15c94c

Score
10/10

Malware Config

Extracted

Path: C:\readme.txt

Family: conti

Ransom Note
All of your files are currently encrypted by CONTI strain. If you don't know who we are - just "Google it."

As you already know, all of your data has been encrypted by our software. It cannot be recovered by any means without contacting our team directly.

DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However, if you want to try - we recommend choosing the data of the lowest value.

DON'T TRY TO IGNORE us. We've downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond. So it will be better for both sides if you contact us as soon as possible.

DON'T TRY TO CONTACT feds or any recovery companies. We have our informants in these structures, so any of your complaints will be immediately directed to us. So if you will hire any recovery company for negotiations or send requests to the police/FBI/investigators, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately.

To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge.

You can contact our team directly for further instructions through our website :

TOR VERSION :
(you should download and install TOR browser first https://torproject.org)

http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/wHUMNAhqn0BRlXDVwazaoC1e7OBRqvYe8iOyTn7MaoVFQo9qxTKGpjbY6A9u4jPD

YOU SHOULD BE AWARE!
We will speak only with an authorized person. It can be the CEO, top management, etc. In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!
Inform your supervisors and stay calm!
URLs

http://contirec7nchr45rx6ympez5rjldibnqzh7lsa56lvjvaeywhvoj3wad.onion/wHUMNAhqn0BRlXDVwazaoC1e7OBRqvYe8iOyTn7MaoVFQo9qxTKGpjbY6A9u4jPD

Targets

    Score: 10/10

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

MITRE ATT&CK Matrix

Tasks