nefilim | 2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e | Triage

Submit
Reports

Overview

overview

Static

static

2023-03-02...im.exe

windows7-x64

2023-03-02...im.exe

windows10-2004-x64

Sharing

General

Target

2023-03-02_193e702195e8ed5c50cc482569559462_nefilim.exe
Size

70KB
Sample

230305-qyjrmafh91
MD5

193e702195e8ed5c50cc482569559462
SHA1

47a5307b78fa2c60c20ce63c553aef4a6d5a3e1c
SHA256

2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e
SHA512

d5ae5a8bccfc08bc07834caaebaed7a6cde1911170eb8de99322bf15be3ad111b5042d6401dcb06e64a6a429eee19d964878089af205474b377b77627bb63a35
SSDEEP

768:lXStkFWTBhyugDC60CPJkEBx9w7mSDh3vkkjvshT3ED18nv04ZPqpb348Uq1krHO:liMWV3gDCk6EBwT/kJbvkbuq1krj0z

Score

10^/10

nefilim ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2023-03-02_193e702195e8ed5c50cc482569559462_nefilim.exe

Resource

win7-20230220-en

nefilim ransomware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-03-02_193e702195e8ed5c50cc482569559462_nefilim.exe

Resource

win10v2004-20230221-en

nefilim ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-03-02_193e702195e8ed5c50cc482569559462_nefilim.exe
- Size
  
  70KB
- MD5
  
  193e702195e8ed5c50cc482569559462
- SHA1
  
  47a5307b78fa2c60c20ce63c553aef4a6d5a3e1c
- SHA256
  
  2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e
- SHA512
  
  d5ae5a8bccfc08bc07834caaebaed7a6cde1911170eb8de99322bf15be3ad111b5042d6401dcb06e64a6a429eee19d964878089af205474b377b77627bb63a35
- SSDEEP
  
  768:lXStkFWTBhyugDC60CPJkEBx9w7mSDh3vkkjvshT3ED18nv04ZPqpb348Uq1krHO:liMWV3gDCk6EBwT/kJbvkbuq1krj0z
Score

10^/10

nefilim ransomware
- Nefilim
  Ransomware first seen in early 2020 which shares code with the Nemty family. Rewritten in Golang in July 2020.
  ransomware nefilim
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nefilimransomware

behavioral2

nefilimransomware

© 2018-2024

Terms | Privacy