Moisha Ransomware

Moisha Ransomware
Moisha Ransomware ia a .Net-based ransomware by a threat actor PT_Moisha. It is suspected that it is active since late July 2022. It uses AES and RSA for encrypting its victims files. It encrypts files that are less than 2 GB for efficiency. It not only encrypts data but steal it and ask its victims to pay $10k for not selling it in black marker to releasing it publicly. Moisha will remove some file names, director names, and extensions in the encryption method. Once completed, the malware removes itself through the PowerShell command line.

Moisha Ransomware Signatures

Family: Ransom:Win32/Moisha!MSR
MD5: d197883d8745a61fe25aebea85622a65
SHA256: b3ebc327773f5f846deeb1255475644a630c4d0d3b4eda3bbf995a36599c07cf

Moisha Ransomware Download

Download Moisha Ransomware Sample