General

  • Target

    a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07.sample

  • Size

    207KB

  • Sample

    210726-pec6mlkv3a

  • MD5

    ae24eb430be3d0598b7510bba484f580

  • SHA1

    9b6a75b930e8ea41578ec0a6d3df2259a6990d1d

  • SHA256

    a2f6c36cb8f46207028fbd3f3b69e306d3bdc4fc0391cfda5609812df880be07

  • SHA512

    ca5ec7ca780642bc0105a84c7f4eea60b826d36429ecdceb2a9bb27f2ce688909a6953d18bd9884b19a36604a8c170876c6997c743ca3dbe44ecdfd4a142042a

Malware Config

Targets

    • Nemty

      Ransomware family first observed in 2019 that has been actively developed and updated since.

    • suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1

    • Deletes shadow copies

      Ransomware commonly deletes Volume Shadow Copies and other backup artifacts so the victim cannot roll encrypted files back (mapped to T1490 in the ATT&CK matrix below).

    • Modifies extensions of user files

      Ransomware generally appends or replaces the extension of each file it encrypts; a burst of such renames across user documents from a single process is the practical indicator.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Queries a legitimate public IP-lookup web service to learn the infected system's external IP address (the Suricata geo-IP signature above covers the network side of this check).
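
Detection logic for three of the behaviours listed above (shadow copy deletion, external IP lookup, mass extension changes), written as an added example for this page; it is not code from the sandbox vendor or from the report. The event records, hostnames, command lines and the appended ".locked" extension are constructed to resemble Sysmon-style process, DNS and file-rename telemetry and are not taken from the sample.

```python
"""Behavioural detections for the signatures in the sandbox report above.

Added example, not part of the report. Event records, hostnames, command
lines and the ".locked" extension below are constructed test data.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Command lines commonly used to wipe recovery artifacts (ATT&CK T1490).
SHADOW_COPY_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
    re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
]

# Assumed list of public IP-lookup services (ATT&CK T1102); extend it from your
# own telemetry rather than treating it as complete.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ip-api.com", "api.db-ip.com",
}

# Renames with an appended extension by one process before we call it
# mass extension modification.  Tune to your environment.
RENAME_THRESHOLD = 3

SAMPLE_IMAGE = r"C:\Users\victim\sample.exe"  # constructed path


@dataclass(frozen=True)
class Event:
    kind: str    # "process", "dns" or "rename"
    image: str   # originating process image path
    detail: str  # command line, queried hostname, or "old_path -> new_path"


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True if the command line matches a known recovery-tampering pattern."""
    return any(p.search(cmdline) for p in SHADOW_COPY_PATTERNS)


def is_ip_lookup(hostname: str) -> bool:
    """True if the queried name is one of the assumed IP-lookup services."""
    return hostname.lower().rstrip(".") in IP_LOOKUP_HOSTS


def extension_appended(old_path: str, new_path: str) -> bool:
    """True when new_path is old_path with an extra suffix in the same folder,
    e.g. report.docx -> report.docx.locked."""
    old, new = PureWindowsPath(old_path), PureWindowsPath(new_path)
    return (new.parent == old.parent
            and new.name != old.name
            and new.name.startswith(old.name))


def scan(events):
    """Return {finding: [image, ...]} for every event that matches a rule.
    The rename rule fires once per process, when it reaches RENAME_THRESHOLD."""
    findings = defaultdict(list)
    renames = defaultdict(int)
    for ev in events:
        if ev.kind == "process" and is_shadow_copy_deletion(ev.detail):
            findings["T1490 Inhibit System Recovery"].append(ev.image)
        elif ev.kind == "dns" and is_ip_lookup(ev.detail):
            findings["T1102 Web Service (external IP lookup)"].append(ev.image)
        elif ev.kind == "rename":
            old_path, new_path = (s.strip() for s in ev.detail.split("->", 1))
            if extension_appended(old_path, new_path):
                renames[ev.image] += 1
                if renames[ev.image] == RENAME_THRESHOLD:
                    findings["Modifies extensions of user files"].append(ev.image)
    return dict(findings)


# Constructed telemetry: two recovery-tampering commands, one IP lookup, three
# appended-extension renames from the sample, plus benign noise.
SAMPLE_EVENTS = [
    Event("process", SAMPLE_IMAGE, r"cmd.exe /c vssadmin.exe delete shadows /all /quiet"),
    Event("process", SAMPLE_IMAGE, r"bcdedit.exe /set {default} recoveryenabled No"),
    Event("process", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    Event("dns", SAMPLE_IMAGE, "api.ipify.org"),
    Event("dns", r"C:\Program Files\Browser\browser.exe", "www.example.com"),
    Event("rename", SAMPLE_IMAGE,
          r"C:\Users\victim\Documents\report.docx -> C:\Users\victim\Documents\report.docx.locked"),
    Event("rename", SAMPLE_IMAGE,
          r"C:\Users\victim\Documents\budget.xlsx -> C:\Users\victim\Documents\budget.xlsx.locked"),
    Event("rename", SAMPLE_IMAGE,
          r"C:\Users\victim\Pictures\holiday.jpg -> C:\Users\victim\Pictures\holiday.jpg.locked"),
    # A single user-driven rename stays below the threshold.
    Event("rename", r"C:\Windows\explorer.exe",
          r"C:\Users\victim\Desktop\notes.txt -> C:\Users\victim\Desktop\notes.txt.bak"),
]

if __name__ == "__main__":
    for finding, images in scan(SAMPLE_EVENTS).items():
        print(f"{finding}: {', '.join(images)}")
```

The three rules correspond to the "Deletes shadow copies", "Looks up external IP address via web service" and "Modifies extensions of user files" signatures; the rename threshold is what keeps a user renaming one file from tripping the last rule.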

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                     ID     Matches
  Execution            Scheduled Task                T1053  1
  Persistence          Scheduled Task                T1053  1
  Privilege Escalation Scheduled Task                T1053  1
  Defense Evasion      File Deletion                 T1107  2
  Defense Evasion      Install Root Certificate      T1130  1
  Defense Evasion      Modify Registry               T1112  1
  Discovery            System Information Discovery  T1082  1
  Command and Control  Web Service                   T1102  1
  Impact               Inhibit System Recovery       T1490  2
