MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08c7dfde13ade4b13350ae290616d7c2f4a87cbeac9a3886e90a175ee40fb641. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Nefilim

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	08c7dfde13ade4b13350ae290616d7c2f4a87cbeac9a3886e90a175ee40fb641
SHA3-384 hash:	a9243e1885c53197af6db7a7ca9f815cd407ee524dc6dbecca5077b3ff2bd1889d10c10ece7ac919966483d710f00a0b
SHA1 hash:	e53d4b589f5c5ef6afd23299550f70c69bc2fe1c
MD5 hash:	5ff20e2b723edb2d0fb27df4fc2c4468
humanhash:	charlie-triple-black-queen
File name:	08c7dfde13ade4b13350ae290616d7c2f4a87cbeac9a3886e90a175ee40fb641.bin
Download:	download sample
Signature	Nefilim Create hunting rule
File size:	67'376 bytes
First seen:	2020-07-27 06:54:50 UTC
Last seen:	2020-07-27 07:50:40 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	3ee8aa55414a94ea0a841ea0069bd261 (3 x Nefilim)
ssdeep	768:CXStkFWTBhyugDC60CPJkEBx9w7mSDh3vkkjvshT3ED18nv04ZPqpb348Uq1kFjs:CiMWV3gDCk6EBwT/kJbvkbuq1kFjp
Threatray	44 similar samples on MalwareBazaar
TLSH	5F637D1636A58432E8B31A7058B0E762DE6B7D525B70C2CB2B98126A5FF03C15F3537B
Reporter	JAMESWT_WT
Tags:	Nefilim Ransomware signed

Code Signing Certificate

Organisation:	Inter Med Pty. Ltd.
Issuer:	Sectigo RSA Code Signing CA
Algorithm:	sha256WithRSAEncryption
Valid from:	2020-03-06T00:00:00Z
Valid to:	2021-03-06T23:59:59Z
Serial number:	39f56251df2088223cc03494084e6081
MalwareBazaar Blocklist:	This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:	SHA256
Thumbprint:	66f32cf78b8f685a2c6f5bf361c9b0f9a9678de11a8e7931e2205d0ef65af05c
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

1'589

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/32689/

Detection(s):

PUA.Win.Adware.Browsefox-6628766-0

PUA.Win.Trojan.Generic-6629274-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %AppData% subdirectories

Creating a window

Result

Threat name:

Nefilim

Detection:

malicious

Classification:

rans.spyw.evad

Score:

72 / 100

Link:

https://www.joesandbox.com/analysis/329939

Behaviour

Behavior Graph:

n/a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/08c7dfde13ade4b13350ae290616d7c2f4a87cbeac9a3886e90a175ee40fb641/

Threat name:

Win32.Ransomware.NefiCrypt

Status:

Malicious

First seen:

2020-03-12 17:24:24 UTC

File Type:

PE (Exe)

AV detection:

40 of 48 (83.33%)

Threat level:

5/5

Verdict:

malicious

Result

Malware family:

nefilim

Score:

10/10

Tags:

family:nefilim

Link:

https://tria.ge/reports/200727-rx7ymk92j2/

Behaviour

Nefilim Ransomware Executable

Nefilim family

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Filecoder

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/08c7dfde13ade4b13350ae290616d7c2f4a87cbeac9a3886e90a175ee40fb641

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/32689/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample