Moisha Ransomware Propose Change

Moisha is a .NET-based ransomware that employs double extortion techniques to encrypt and exfiltrate data from victims. Upon execution, it creates a global mutex to ensure only one instance of the malware runs on the affected system. It then stops services such as backup and antivirus to avoid interference during the encryption process. Moisha disables real-time protection in Microsoft Defender and removes shadow copies using PowerShell and Vssadmin. It encrypts files on the system using RSA and AES encryption algorithms and places a ransom note in the affected directory. The note instructs victims to contact the attackers via a Moisha ID on TOX Messenger to negotiate the ransom. Additionally, Moisha spreads to other machines on the network and self-deletes using PowerShell command line.

References

There is no Yara-Signature yet.