conti | 1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9

General

Target

1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
Size

190KB
Sample

221206-m6qncseg7v
MD5

2dc5a4338d438ea4e78878cff4cfe2cf
SHA1

cfdd6e3a69b12d43af94cb0441db3e1ef93f74f8
SHA256

1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9
SHA512

32a8d6f2fa1e472aefa8cc41cb59b5b67e84d336ca35c5b1f5d2a2ad2eae5a7ba1cbfba17f75261b0220a5d896b72bb4b95c5c86a6c8bda4b9bf50463f2222fc
SSDEEP

3072:mbgz9OJcW+b7d55P96aqwKDpi68oLlmqMVHKXhtK+Ux/fcVIx5xa:59uQb7V9KwKDpiSLl6B6hmplPa

Score

10^/10

Malware Config

Extracted

Path

C:\readme.txt

Family

conti

Ransom Note

All of your files are currently encrypted by CONTI ransomware. If you try to use any additional recovery software - the files might be damaged or lost. To make sure that we REALLY CAN recover data - we offer you to decrypt samples. You can contact us for further instructions through: Our website TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.top/ YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded your data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us ASAP ---BEGIN ID--- FQ6C1V320lsGoEpDS1i4SFkTzLnOQ9vSXpwMwYdsE7CL2myTZeHVHuuqtzHQGOpB ---END ID---

URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.top/

Targets

- Target
  
  1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9.exe
- Size
  
  190KB
- MD5
  
  2dc5a4338d438ea4e78878cff4cfe2cf
- SHA1
  
  cfdd6e3a69b12d43af94cb0441db3e1ef93f74f8
- SHA256
  
  1ce8a939b3e7d84c59c12dc9e1091532f4336dac533847b6533b01d9dcf494e9
- SHA512
  
  32a8d6f2fa1e472aefa8cc41cb59b5b67e84d336ca35c5b1f5d2a2ad2eae5a7ba1cbfba17f75261b0220a5d896b72bb4b95c5c86a6c8bda4b9bf50463f2222fc
- SSDEEP
  
  3072:mbgz9OJcW+b7d55P96aqwKDpi68oLlmqMVHKXhtK+Ux/fcVIx5xa:59uQb7V9KwKDpiSLl6B6hmplPa
Score

10^/10

conti ransomware spyware stealer
- Conti Ransomware
  Ransomware generally thought to be a successor to Ryuk.
  ransomware conti
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Conti Ransomware

Modifies extensions of user files

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2