MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9093233af919545a06bb718dd45e2b033be1caaf0844eec11c1f4cb8c0df3527. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Nemty


Vendor detections: 7



SHA256 hash: 9093233af919545a06bb718dd45e2b033be1caaf0844eec11c1f4cb8c0df3527
SHA3-384 hash: 397394e038ef5637ce7afbe20b31d4bbb52fdcd6e413f077f4b8a239f7295b0b9086647c7f2faa2992f9b24bc4aeec37
SHA1 hash: 897e16cc895fd5e53512e32fa8a12c21fb5f1de6
MD5 hash: f37cebdff5de994383f34bcef4131cdf
humanhash: white-twenty-tennis-wyoming
File name: 9093233af919545a06bb718dd45e2b033be1caaf0844eec11c1f4cb8c0df3527
Signature: Nemty
File size: 3'180'032 bytes
First seen: 2020-11-08 09:41:48 UTC
Last seen: 2020-11-08 11:45:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 93a138801d9601e4c36e6274c8b9d111 (11 x CobaltStrike, 9 x Snatch, 8 x LaplasClipper)
ssdeep: 49152:LfA+GW8fKa+Z2PH7bACeSeGaL5QWaX7fOmY2+ukXksU6FN9:1GW8fKa+u3ADjMKBuqU6J
Threatray: 8 similar samples on MalwareBazaar
TLSH: 2BE56C06FCE618F6C6BEF13085659223B632786943313FD71F94997A2A66FD42A3D340
Reporter: JAMESWT_WT
Tags: DIG IN VISION SP Z O O, nemty, Ransomware, signed

Code Signing Certificate

Organisation: DIG IN VISION SP Z O O
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: Nov 3 00:00:00 2020 GMT
Valid to: Nov 3 23:59:59 2021 GMT
Serial number: FC7065ABF8303FB472B8AF85918F5C24
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: EDAA880D9A544E8466B94581C7EC519BDC35BF6A1BCAD6CD93E0926D454C1D6F
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'841
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware

Behaviour
Sending a UDP request
Creating a file
Changing a file
Reading critical registry keys
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files

Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Nefilim Ransomware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Creates files in the recycle bin to hide itself
Found Tor onion address
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file

Threat name: Win64.Ransomware.Nemty
Status: Malicious
First seen: 2020-11-06 19:50:31 UTC
File Type: PE+ (Exe)
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: ransomware
Behaviour
Drops desktop.ini file(s)
Modifies extensions of user files

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
