Nemty

Description

Nemty is a ransomware that was discovered in September 2019. Fortinet states that they found it being distributed through similar ways as Sodinokibi and also noted artfifacts they had seen before in Gandcrab.

External Analysis
http://www.secureworks.com/research/threat-profiles/gold-mansard
https://docs.google.com/spreadsheets/d/1MI8Z2tBhmqQ5X8Wf_ozv3dVjz5sJOs-3
https://github.com/albertzsigovits/malware-notes/blob/master/Nemty.md
https://go.crowdstrike.com/rs/281-OBQ-266/images/Report2021GTR.pdf
https://labs.sentinelone.com/meet-nemty-successor-nefilim-nephilim-ransomware/
https://medium.com/csis-techblog/inside-view-of-brazzzersff-infrastructure-89b9188fd145
https://medium.com/csis-techblog/the-nemty-affiliate-model-13f5cf7ab66b
https://raw.githubusercontent.com/k-vitali/Malware-Misc-RE/master/2019-08-24-nemty-ransomware-notes.vk.raw
https://securelist.com/evolution-of-jsworm-ransomware/102428/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/nemty-ransomware-trik-botnet
https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/
https://www.bleepingcomputer.com/news/security/nemty-ransomware-decryptor-released-recover-files-for-free/
https://www.bleepingcomputer.com/news/security/nemty-ransomware-gets-distribution-from-rig-exploit-kit/
https://www.bleepingcomputer.com/news/security/new-nemty-ransomware-may-spread-via-compromised-rdp-connections/
https://www.bleepingcomputer.com/news/security/three-more-ransomware-families-create-sites-to-leak-stolen-data/
https://www.cronup.com/post/de-ataque-con-malware-a-incidente-de-ransomware
https://www.cyborgsecurity.com/cyborg_labs/hunting-ransomware-inhibiting-system-backup-or-recovery/
https://www.fortinet.com/blog/threat-research/nemty-ransomware-early-stage-threat.html
https://www.lastline.com/labsblog/nemty-ransomware-scaling-up-apac-mailboxes-swarmed-dual-downloaders/
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/nemty-ransomware-learning-by-doing/
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/paas-or-how-hackers-evade-antivirus-software/
https://www.sentinelone.com/labs/karma-ransomware-an-emerging-threat-with-a-hint-of-nemty-pedigree/
https://www.sentinelone.com/labs/nokoyawa-ransomware-new-karma-nemty-variant-wears-thin-disguise/
https://www.symantec.broadcom.com/hubfs/SED/SED_Threat_Hunter_Reports_Alerts/SED_FY22Q2_SES_Ransomware-Threat-Landscape_WP.pdf
https://www.tesorion.nl/en/posts/nemty-update-decryptors-for-nemty-1-5-and-1-6/
https://www.tesorion.nl/nemty-update-decryptors-for-nemty-1-5-and-1-6/
https://www.welivesecurity.com/wp-content/uploads/2020/07/ESET_Threat_Report_Q22020.pdf
Urls
Screen
http://zjoxyw5mkacojk5ptn2iprkivg5clow72mjkyk5ttubzxprjjnwapkad.onion