- First seen: June 2017
- Aliases: Nyetna, EternalPetya
- Samples:
  - 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 | windows | ransom | pe
Property | Value |
---|---|
Size | 362360 bytes |
CRC32 | 0x673f086c |
MD5 | 71b6a493388e7d0b40c83ce903bc6b04 |
SHA1 | 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d |
SHA256 | 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745 |
SHA512 | 072205eca5099d9269f358fe534b370ff21a4f12d7938d6d2e2713f69310f0698e53b8aff062849f0b2a521f68bee097c1840993825d2a5a3aa8cf4145911c6f |
Ssdeep | 6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG |
Magic | PE32 executable (DLL) (console) Intel 80386, for MS Windows |
Packer | PE: compiler: Microsoft Visual C/C++(2010 SP1)[-]; PE: linker: Microsoft Linker(10.0)[DLL32,console,signed] |
TrID | 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13); 20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5); 12.7% (.EXE) Win64 Executable (generic) (10523/12/4); 7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2); 6.1% (.EXE) Win16 NE executable (generic) (5038/12/1) |
- Avast: MBR:Ransom-C [Trj]
- Avira: TR/Ransom.ME.12
- Bitdefender: Trojan.Ransom.GoldenEye.B
- Clamav: Win.Exploit.CVE_2017_0147-6331310-0
- Comodo: TrojWare.Win32.Ransom.Petya.jte
- Drweb: Trojan.Encoder.12544
- Eset: Win32/Diskcoder.C
- Fsecure: Trojan.TR/Ransom.ME.12
- Kaspersky: Trojan-Ransom.Win32.Petr.xw
- Mcafee: Generic.acn
- Sophos: Troj/Ransom-EOB
- Symantec: Ransom.Petya
- Trendmicro: Ransom_PETYA.TH627
- Windefender: Ransom:Win32/Petya
- https://www.crowdstrike.com/blog/petrwrap-ransomware-technical-analysis-triple-threat-file-encryption-mft-encryption-credential-theft/
- https://gallery.logrhythm.com/threat-intelligence-reports/notpetya-technical-analysis-logrhythm-labs-threat-intelligence-report.pdf
- https://github.com/RoanH/NotPetya/blob/master/2IC80%20Lab%20Report%20Group%2051.pdf