General
Target: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12.sample
Size: 234KB
Sample: 210726-g55m9m53sx
MD5: 3e6672a68447e4e7c297e4dd7171b906
SHA1: 72a1af262187ac809a3c6395e5f3f3f5804e51e3
SHA256: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12
SHA512: 033b9387428e83ebae802fa3a2547bef5b4741acd2a1d508c79ec942421d599d68f26196d78961fc07e469226c4a6d24d8e32ff56710105162b9967e5f8159a9
Static task: static1
Behavioral task: behavioral1
  Sample: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12.sample.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12.sample.exe
  Resource: win10v20210408
Malware Config
Extracted from ransom note C:\_NEMTY_SVSVKQT_-DECRYPT.txt
  Family: nemty
  URL: http://nemty.hk/pay
Extracted from ransom note C:\_NEMTY_RCDRMWE_-DECRYPT.txt
  Family: nemty
  URL: http://nemty.hk/pay
Note that the token in the ransom note filename (SVSVKQT, RCDRMWE) differs between the two behavioral runs of the same binary, so it is generated per infection and should not be used as a fixed indicator; the filename pattern _NEMTY_<ID>_-DECRYPT.txt and the payment URL are the stable parts.
Targets
Target: 98f260b52586edd447eaab38f113fc98b9ff6014e291c59c9cd639df48556e12.sample (the same file described under General above)
Score: 10/10
- Nemty: ransomware discovered in late 2019 which has been actively developed and updated over time.
  - suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1
  - suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M2
- Modifies extensions of user files: ransomware generally appends or changes the extension on the files it encrypts, so a directory of user documents sharing one unfamiliar extension next to a ransom note is a strong on-host indicator.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP; the two Suricata Geo IP Check alerts above correspond to this lookup, and because the service itself is benign, the request is only meaningful in combination with the other behaviour.
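The following Python triage helper is an added example and is not code from the sandbox report or from the Nemty authors. It turns two items above into something runnable on a disk image or mounted share: it hunts for ransom notes matching the _NEMTY_<ID>_-DECRYPT.txt pattern and pulls the URL out of them (the extracted config), and it flags directories next to such a note where user files share one unfamiliar extension (the "Modifies extensions of user files" signature). The note body, the victim ID in the demo tree, the ".demo_locked" extension and the KNOWN_EXT list are constructed assumptions for the demo; the sample's real note text and encrypted-file extension are not given on this page.

```python
"""Triage helper for a Nemty-style ransomware incident (added example, not part of
the sandbox report). It does two things the report's signatures describe:
  1. hunts for ransom notes named like _NEMTY_<ID>_-DECRYPT.txt and pulls
     the URL out of them (the report's extracted config), and
  2. flags directories where user files have been renamed to one shared,
     unfamiliar extension next to such a note.
The note body, the victim ID and the renamed files below are constructed for
the demo; the sample's real note text and extension are not on the page.
"""
import os
import re
import tempfile
from collections import Counter
from pathlib import Path

# Filename pattern taken from the report: both extracted notes match it.
NOTE_RE = re.compile(r"^_NEMTY_(?P<vid>[A-Z0-9]+)_-DECRYPT\.txt$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Assumed list of ordinary document extensions; anything else that dominates a
# directory next to a note is treated as the ransomware's appended extension.
KNOWN_EXT = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".pptx"}


def find_ransom_notes(root):
    """Return [(path, victim_id, [urls])] for every Nemty-style note under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = NOTE_RE.match(name)
            if not m:
                continue
            p = Path(dirpath) / name
            text = p.read_text(errors="replace")
            hits.append((str(p), m.group("vid"), sorted(set(URL_RE.findall(text)))))
    return hits


def suspicious_extensions(root, min_files=3):
    """For each directory holding a note, report the non-standard extension that
    most files share (ransomware appends one extension to everything it encrypts).
    Returns {directory: (extension, count)}."""
    findings = {}
    note_dirs = {Path(p).parent for p, _, _ in find_ransom_notes(root)}
    for d in note_dirs:
        exts = Counter(f.suffix.lower() for f in d.iterdir()
                       if f.is_file() and not NOTE_RE.match(f.name))
        for ext, n in exts.most_common():
            if ext not in KNOWN_EXT and n >= min_files:
                findings[str(d)] = (ext, n)
                break
    return findings


def build_sample_tree():
    """Constructed victim directory for the demo; returns its path."""
    root = Path(tempfile.mkdtemp(prefix="nemty_demo_"))
    docs = root / "Users" / "alice" / "Documents"
    docs.mkdir(parents=True)
    # Constructed note body: only the filename pattern and the URL come from
    # the report's extracted config.
    (docs / "_NEMTY_SVSVKQT_-DECRYPT.txt").write_text(
        "Your files are encrypted.\nPay at http://nemty.hk/pay\n")
    # Constructed "encrypted" files with a hypothetical appended extension.
    for name in ("report.docx", "budget.xlsx", "photo.jpg", "notes.txt"):
        (docs / (name + ".demo_locked")).write_bytes(b"\x00" * 16)
    # Untouched directory without a note, for contrast.
    (root / "Users" / "alice" / "Music").mkdir()
    (root / "Users" / "alice" / "Music" / "song.mp3").write_bytes(b"ID3")
    return str(root)


if __name__ == "__main__":
    root = build_sample_tree()
    for path, vid, urls in find_ransom_notes(root):
        print(f"note {path}: victim id {vid}, urls {urls}")
    for d, (ext, n) in suspicious_extensions(root).items():
        print(f"{d}: {n} files share unfamiliar extension {ext}")
```

On a real image, point find_ransom_notes and suspicious_extensions at the mount point instead of build_sample_tree(); the victim ID it returns is the per-infection token discussed under Malware Config, and the URL list is what you would compare against the extracted config.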