Overview

overview

10

Static

static

3

ef3085e0-e...bd.dll

windows7-x64

10

ef3085e0-e...bd.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef3085e0-e173-4f18-9e18-fada2a2171bd

  • Size

    190KB

  • Sample

    240321-ret9paeg3z

  • MD5

    f61817daf163c6617b22418bc887b9d3

  • SHA1

    e78d49cd87c37659890603bee2acca888ab381fd

  • SHA256

    03597628e999d791f4cc442328024235db9a929467a62ef0a00c91a76161f0e1

  • SHA512

    3e0cd971b6d5d3721f710a7814b320596541bcb7f021f48353a0effc24282fa241c73ce5a76ef85ebffa686f1699ccab2e8c24ad20632461cc84e2befbd74366

  • SSDEEP

    3072:HJkg5cAzJkv06HGaVpiehqpGDYwAM/cNfK89j8Qa34o7dVxt:HFcuVqTATicDNYVb

Score
10/10
contiransomware

Malware Config

Extracted

Path

C:\Program Files (x86)\readme.txt

Family

conti

Ransom Note
All of your files are currently encrypted by CONTI strain. As you know (if you don't - just "google it"), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly. If you try to use any additional recovery software - the files might be damaged, so if you are willing to try - try it on the data of the lowest value. To make sure that we REALLY CAN get your data back - we offer you to decrypt 2 random files completely free of charge. You can contact our team directly for further instructions through our website : TOR VERSION : (you should download and install TOR browser first https://torproject.org) http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/ HTTPS VERSION : https://contirecovery.ws YOU SHOULD BE AWARE! Just in case, if you try to ignore us. We've downloaded a pack of your internal data and are ready to publish it on out news website if you do not respond. So it will be better for both sides if you contact us as soon as possible. ---BEGIN ID--- wSpHH7e2NMHQ5dF3CSF5k29fvPRrxASNCdHphh0cOIGmOYvJHhhhcCmIpcX9XbW9 ---END ID---
URLs

http://contirecj4hbzmyzuydyzrvm2c65blmvhoj2cvf25zqj2dwrrqcq5oad.onion/

https://contirecovery.ws

Targets

    • Target

      ef3085e0-e173-4f18-9e18-fada2a2171bd

    • Size

      190KB

    • MD5

      f61817daf163c6617b22418bc887b9d3

    • SHA1

      e78d49cd87c37659890603bee2acca888ab381fd

    • SHA256

      03597628e999d791f4cc442328024235db9a929467a62ef0a00c91a76161f0e1

    • SHA512

      3e0cd971b6d5d3721f710a7814b320596541bcb7f021f48353a0effc24282fa241c73ce5a76ef85ebffa686f1699ccab2e8c24ad20632461cc84e2befbd74366

    • SSDEEP

      3072:HJkg5cAzJkv06HGaVpiehqpGDYwAM/cNfK89j8Qa34o7dVxt:HFcuVqTATicDNYVb

    Score
    10/10
    contiransomware

    • Conti Ransomware

      Ransomware generally thought to be a successor to Ryuk.

      ransomwareconti

    • Renames multiple (7841) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks