General
Target
http://92.63.197.190/jap.exe
Sample
200214-87w9zpv2l2
Score
10/10
Static task
static1
Behavioral task
behavioral1
Sample
http://92.63.197.190/jap.exe
Resource
win10v191014
windows10_x64
0 signatures
0 seconds
Malware Config
Extracted
Path
C:\NEMTY_MLK8D17-DECRYPT.txt
Family
nemty
Ransom Note
---> NEMTY 2.5 REVENGE <---
Some (or maybe all) of your files got encryped.
We provide decryption tool if you pay a ransom.
Don't worry, if we can't help you with decrypting - other people won't trust us.
We provide test decryption, as proof that we can decrypt your data.
You have 3 month to pay (after visiting the ransom page) until decryption key will be deleted from server.
After 3 month no one, even our service can't make decryptor.
1) Web-Browser
a) Open your browser.
b) Open this link: http://nemty.top/public/pay.php
c) Upload this file.
d) Follow the instructions.
2) Tor-Browser
a) Download&Install Tor-Browser.
b) Open Tor-Browser.
c) Open this link : http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
d) Upload this file.
e) Follow the instruction.
<BEGIN NEMTY KEY>
URLs
http://nemty.top/public/pay.php
http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
Targets
Target
http://92.63.197.190/jap.exe
Score
10/10
Nemty
Ransomware discovered in late 2019 which has been actively developed/updated over time.
- Executes dropped EXE
- Program crash
- Modifies service