General
Target: 5078a0940abc31a7fa271483ac345044a91a0e21c517bceb85091cd3fca310f7.sample
Size: 243KB
Sample: 210726-sxy8rb1lpn
MD5: 7334c27a6a2531b01ec94922160b87cf
SHA1: 451cf681bda77ea4bce041bed83050f78a135c3b
SHA256: 5078a0940abc31a7fa271483ac345044a91a0e21c517bceb85091cd3fca310f7
SHA512: e833072c48f3f5ec9a3bb7134d402f8858f8a0722c0066db5303944016f696985edde773e3949ccf590b63e4fe8434c17d19d193ab264009a4a8604ef85da2b6
Static task: static1
Behavioral task: behavioral1
  Sample: 5078a0940abc31a7fa271483ac345044a91a0e21c517bceb85091cd3fca310f7.sample.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: 5078a0940abc31a7fa271483ac345044a91a0e21c517bceb85091cd3fca310f7.sample.exe
  Resource: win10v20210410
Malware Config
Extracted from: C:\_NEMTY_GDQ7HQH_-DECRYPT.txt
Family: nemty
URL: http://nemty.hk/pay
Targets
Target: 5078a0940abc31a7fa271483ac345044a91a0e21c517bceb85091cd3fca310f7.sample
Score: 10/10
- Nemty: Ransomware discovered in late 2019 which has been actively developed/updated over time.
- suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M1
- suricata: ET MALWARE Win32/Nemty Ransomware Style Geo IP Check M2
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.