Behavioral task: behavioral1
Sample: 2023-04-15_964925f0c7b06b2bdd3d481ccb4bb1b2_nefilim.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 2023-04-15_964925f0c7b06b2bdd3d481ccb4bb1b2_nefilim.exe
Resource: win10v2004-20230221-en
General
Target: 2023-04-15_964925f0c7b06b2bdd3d481ccb4bb1b2_nefilim
Size: 80KB
MD5: 964925f0c7b06b2bdd3d481ccb4bb1b2
SHA1: f523259fd968e89359226b36cffd526e24c886e6
SHA256: 38047530671ee9c9c49f8e0d82e1efd3567287a8c778f5b25cf06ea389d3e897
SHA512: cd4d5ac18305d97319d3ba6d1c40443f04c9157e3cfb6d4229c2566837eccc074204b98a5c1c6a5fd6247f73631bc9b2a822baf0733a12fe799bc59b82c713b2
SSDEEP: 768:lXStkFWTBhyugDC60CPJkEBx9w7mSDh3vkkjvshT3ED18nv04Zbqpb348Uq1krHT:liMWV3gDCk6EBwT/kJbvobuq1krj0
Malware Config
Signatures
Nefilim family
Nefilim ransomware executable (1 IoCs)
File contains patterns typical of Nefilim samples.
Processes:
resource: sample, yara_rule: nefilim_ransomware
Files
2023-04-15_964925f0c7b06b2bdd3d481ccb4bb1b2_nefilim.exe (windows x86)
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 32KB - Virtual size: 32KB
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 15KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc Size: 5KB - Virtual size: 5KB
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ