General
Target: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07.sample
Size: 207KB
Sample: 210726-pec6mlkv3a
MD5: ae24eb430be3d0598b7510bba484f580
SHA1: 9b6a75b930e8ea41578ec0a6d3df2259a6990d1d
SHA256: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07
SHA512: ca5ec7ca780642bc0105a84c7f4eea60b826d36429ecdceb2a9bb27f2ce688909a6953d18bd9884b19a36604a8c170876c6997c743ca3dbe44ecdfd4a142042a
Static task: static1
Behavioral task: behavioral1
  Sample: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07.sample.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07.sample.exe
  Resource: win10v20210410
Malware Config
Targets
Target: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07.sample
Size: 207KB
MD5: ae24eb430be3d0598b7510bba484f580
SHA1: 9b6a75b930e8ea41578ec0a6d3df2259a6990d1d
SHA256: a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07
SHA512: ca5ec7ca780642bc0105a84c7f4eea60b826d36429ecdceb2a9bb27f2ce688909a6953d18bd9884b19a36604a8c170876c6997c743ca3dbe44ecdfd4a142042a
Score: 10/10
Nemty: Ransomware discovered in late 2019 which has been actively developed/updated over time.
suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1
Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.