General
Target: 4003130247f2cab8b87f3d8de23293ddbc9568dbac75ad594abc7e01a04390d3
Size: 87KB
Sample: 220201-h5fdsabca3
MD5: c96613c857018555f3a5bc227567e6e7
SHA1: a402f5e46c8e056c9e9494f7e83902e0fcae3a61
SHA256: 4003130247f2cab8b87f3d8de23293ddbc9568dbac75ad594abc7e01a04390d3
SHA512: 086fa536e03882efe6eb79a6f56d954205e00c37885f5d23f8eae47702125d7fed2a8c76d6d2e01d6eeb175f273185844a6494847bef2f0f805560867f075c41
Static task: static1
Behavioral task: behavioral1
  Sample: 4003130247f2cab8b87f3d8de23293ddbc9568dbac75ad594abc7e01a04390d3.exe
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 4003130247f2cab8b87f3d8de23293ddbc9568dbac75ad594abc7e01a04390d3.exe
  Resource: win10v2004-en-20220113
Malware Config
Extracted from C:\NEMTY_YX2KTOA-DECRYPT.txt
  Family: nemty
  URLs:
    http://nemty.top/public/pay.php
    http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
Extracted from C:\NEMTY_WJ29D2J-DECRYPT.txt
  Family: nemty
  URLs:
    http://nemty.top/public/pay.php
    http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
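The two extracted notes differ only in the 7-character block of the file name (YX2KTOA and WJ29D2J, one per sandbox run), while the payment URLs are identical. That is enough to hunt for the note and pull the URLs back out of it on other hosts. The script below is an added example written for this page, not code from the sandbox or from the malware; it assumes the 7-character block is a per-victim ID drawn from [A-Z0-9] (only the two values above are confirmed), and the file listing and note body it runs on are constructed, not captured from the analysis.

```python
import re
from typing import Dict, List, Optional

# Ransom-note file names the sandbox extracted config from:
#   C:\NEMTY_YX2KTOA-DECRYPT.txt and C:\NEMTY_WJ29D2J-DECRYPT.txt
# Assumption (not stated in the report): the 7-character block is a per-victim
# ID drawn from [A-Z0-9]; only the two values above are confirmed observations.
NOTE_NAME_RE = re.compile(r"^NEMTY_(?P<victim_id>[A-Z0-9]{7})-DECRYPT\.txt$", re.IGNORECASE)

# Payment URLs the sandbox extracted from both notes.
KNOWN_PAY_URLS = frozenset({
    "http://nemty.top/public/pay.php",
    "http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php",
})

# Generic http(s) URL matcher; stops at whitespace and quote characters.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?::\d+)?(?:/[^\s\"'<>]*)?")


def match_note_path(path: str) -> Optional[str]:
    """Return the upper-cased victim ID if `path` names a Nemty ransom note, else None."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]   # NTFS is case-insensitive
    m = NOTE_NAME_RE.match(name)
    return m.group("victim_id").upper() if m else None


def find_notes(paths: List[str]) -> Dict[str, str]:
    """Map every ransom-note path in a file listing to its victim ID."""
    hits: Dict[str, str] = {}
    for p in paths:
        vid = match_note_path(p)
        if vid is not None:
            hits[p] = vid
    return hits


def _host(url: str) -> str:
    """Lower-cased host part of an http(s) URL, without port or path."""
    return url.split("://", 1)[1].split("/", 1)[0].split(":", 1)[0].lower()


def extract_pay_urls(note_text: str) -> Dict[str, List[str]]:
    """Pull URLs out of a note body and bucket them as clearnet, Tor (.onion) and known-bad."""
    urls: List[str] = []
    for u in URL_RE.findall(note_text):
        if u not in urls:          # de-duplicate while preserving order
            urls.append(u)
    return {
        "clearnet": [u for u in urls if not _host(u).endswith(".onion")],
        "onion": [u for u in urls if _host(u).endswith(".onion")],
        "known": [u for u in urls if u in KNOWN_PAY_URLS],
    }


def triage(paths: List[str], note_text: str) -> Dict[str, object]:
    """Combine both checks into one verdict for a host."""
    notes = find_notes(paths)
    urls = extract_pay_urls(note_text)
    return {
        "notes": notes,
        "victim_ids": sorted(set(notes.values())),
        "urls": urls,
        # Require both the note name and a known payment URL before calling it Nemty.
        "nemty_confirmed": bool(notes) and bool(urls["known"]),
    }


# Constructed inputs for the demonstration (not captured from the sandbox run).
SAMPLE_LISTING = [
    r"C:\NEMTY_YX2KTOA-DECRYPT.txt",
    r"C:\Users\victim\Documents\NEMTY_WJ29D2J-DECRYPT.txt",
    r"C:\Users\victim\Documents\NEMTY_README.txt",   # wrong shape, must not match
    r"C:\Windows\System32\notepad.exe",
]

SAMPLE_NOTE = """\
Your files have been encrypted.
Open one of these pages to pay:
http://nemty.top/public/pay.php
http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion/public/pay.php
(constructed note body; the wording is not the real note's)
"""

if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LISTING, SAMPLE_NOTE), indent=2))
```

The verdict deliberately requires both indicators: the note name alone can be spoofed by a test file, and the URLs alone could appear in a threat-intel document someone saved to disk. Feed `find_notes` a directory walk and `extract_pay_urls` the contents of each hit; the victim ID is also the value to pivot on when deciding whether two hosts were hit by the same run.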
Targets
Target: 4003130247f2cab8b87f3d8de23293ddbc9568dbac75ad594abc7e01a04390d3 (87KB; same sample as above, hashes listed under General)
Score: 10/10
- Nemty
  Ransomware family first seen in late 2019 and actively developed and updated since.
- Modifies extensions of user files
  Ransomware typically renames encrypted files with a new extension; this sample was observed changing extensions on user files.
- Checks computer location settings
  Reads the country code configured in the registry, most likely as a geofence so the sample can skip systems in excluded countries.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to learn the infected system's external IP address; the request to that service is a usable network indicator even though the service itself is benign.