nefilim | 5670c99223078ac71638a076ca00bfc6ceed9a5a6ad34029ea45f6e881683e3f | Triage

Submit
Reports

Overview

overview

Static

static

2daa514408...2e.exe

windows7-x64

2daa514408...2e.exe

windows10-2004-x64

Sharing

General

Target

193e702195e8ed5c50cc482569559462.bin
Size

39KB
Sample

230307-bhhgasge59
MD5

9c3656e5f1149e483d98f80076b75720
SHA1

676df078ed68f5422c9fde6e3fa11247fe956eca
SHA256

5670c99223078ac71638a076ca00bfc6ceed9a5a6ad34029ea45f6e881683e3f
SHA512

a9e54b7400590362e1adefdb3d6da0997ea14ed967355b0622da27f9690ee8e9eee3e1cf782f520e6e6d097fd20fb330f318f9eaa6a0ebad891597d31c9200cc
SSDEEP

768:VHmKsI9UsD0q96sScx+6fGgEZuqRwqdQyxegf79Ffqxp9i9owkw7d3:gYHN96jcx+FgEAqRLGysgfHfqTIEw7x

Score

10^/10

nefilim ransomware

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe

Resource

win7-20230220-en

nefilim ransomware

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe

Resource

win10v2004-20230220-en

nefilim ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e.exe
- Size
  
  70KB
- MD5
  
  193e702195e8ed5c50cc482569559462
- SHA1
  
  47a5307b78fa2c60c20ce63c553aef4a6d5a3e1c
- SHA256
  
  2daa5144081dd288c1dc936ec27b1c8bd709633450ceb73f235fccd1c3d3c62e
- SHA512
  
  d5ae5a8bccfc08bc07834caaebaed7a6cde1911170eb8de99322bf15be3ad111b5042d6401dcb06e64a6a429eee19d964878089af205474b377b77627bb63a35
- SSDEEP
  
  768:lXStkFWTBhyugDC60CPJkEBx9w7mSDh3vkkjvshT3ED18nv04ZPqpb348Uq1krHO:liMWV3gDCk6EBwT/kJbvkbuq1krj0z
Score

10^/10

nefilim ransomware
- Nefilim
  Ransomware first seen in early 2020 which shares code with the Nemty family. Rewritten in Golang in July 2020.
  ransomware nefilim
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nefilimransomware

behavioral2

nefilimransomware

© 2018-2024

Terms | Privacy