General
Target: 52e25bdd600695cfed0d4ee3aca4f121bfebf0de889593e6ba06282845cf39ea
Size: 4.2MB
Sample: 220131-3vls2adfgr
MD5: 80cfda61942eb4e71f286297a1158f48
SHA1: 6c9ae388fa5d723a458de0d2bea3eb63bc921af7
SHA256: 52e25bdd600695cfed0d4ee3aca4f121bfebf0de889593e6ba06282845cf39ea
SHA512: 5e02f22c9c367d2111d4b1a6000691286da04c52aae9fd7b716b0911e31256aa679ac227d24443bfd75450b1dd7f9c20eae0593d1fc42324b9281852e20fcbe7
Static task: static1
Behavioral task: behavioral1
  Sample: 52e25bdd600695cfed0d4ee3aca4f121bfebf0de889593e6ba06282845cf39ea.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 52e25bdd600695cfed0d4ee3aca4f121bfebf0de889593e6ba06282845cf39ea.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted: C:\NEFILIM-DECRYPT.txt
Targets
Score: 10/10
Nefilim
Ransomware first seen in early 2020 which shares code with the Nemty family. Rewritten in Golang in July 2020.
- Nefilim Ransomware Executable
  File contains patterns typical of Nefilim samples.
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Sets service image path in registry
- Loads dropped DLL
- Adds Run key to start application