Overview

overview

10

Static

static

d9955b1fb2...a4.dll

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d9955b1fb2a1fd694684c2a316001273b27e3c1f3e6f28a3e4d3c83a9165cda4.zip

  • Size

    147KB

  • Sample

    220618-tj34hacde6

  • MD5

    9a319f715c1a3c328ccb0645a635959f

  • SHA1

    c8da83e7d5c50143aa65b98aecec030736c5680b

  • SHA256

    048c3cd4a274773e7b12a52ba28957f2e7dbff3eda6660edd9f1ba4ffd9d66af

  • SHA512

    818336bcca2312ae339016f150cb5a404274bac6eb7dd565a1edca55517300b29350b9d510e190b8964c7f9c29d66f55d4ea29bf36e71a1ec132212d23baa03c

Score
10/10
contiransomwarespywarestealer

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.xyz/ YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- 3lh1HTp6Jy41DhTGBlpTPzjrS1uGJGWIi3bDhEQl6BxqUH6o1UrFoxo4eNanBB3B ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.xyz/

Targets

    • Target

      d9955b1fb2a1fd694684c2a316001273b27e3c1f3e6f28a3e4d3c83a9165cda4

    • Size

      297KB

    • MD5

      a5e1a5350e6060277d20d9dbadd29179

    • SHA1

      9a71c65ca713f90258856e5a481ab75bafd207b3

    • SHA256

      d9955b1fb2a1fd694684c2a316001273b27e3c1f3e6f28a3e4d3c83a9165cda4

    • SHA512

      43b992b4446ff65b9efaef5d086a36e36f2a43e3f24bf7cc5309e8091c921487666a7e111b8424692f33b42605d33250246deaf73f857b4d5fd96b759f0ed386

    Score
    10/10
    contiransomwarespywarestealer

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks