Extracted

• • Target

    df17933406a8f189b5a3ac728e0437ac178a6139ce18d9c25c3ba53b7e8fb712

  • Size

    66KB

  • MD5

    c38cf7a56a285bbd15156032494f2432

  • SHA1

    1b2ca5c1454cd0cf0032e2ae09f8604fb896c580

  • SHA256

    df17933406a8f189b5a3ac728e0437ac178a6139ce18d9c25c3ba53b7e8fb712

  • SHA512

    bd375a8b77eacac3ba2015d11e56f8ece41fe4f45cda1bcdc0b64eda9b6e7988084a5a4870b911ddd51fd4b25415b2d9996fa8ef9a63620c8012f4a8cacabcf0

  Score

  10^/10

  nefilimransomwarepersistence

  • Nefilim

    Ransomware first seen in early 2020 which shares code with the Nemty family. Rewritten in Golang in July 2020.

    ransomwarenefilim

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Sets service image path in registry

    persistence

  • Deletes itself

  behavioral1behavioral2