General
Target: 4df67a9e8abab33856a586cea38b0d365fbbe0d91ee848f270c65f0125d2d677.bin
Size: 69KB
Sample: 201109-wse7986dnx
MD5: 5ce75526a25c81d0178d8092251013f0
SHA1: 1e1b1c4ae648786fe429c9ddd2182e0d58bcf423
SHA256: 4df67a9e8abab33856a586cea38b0d365fbbe0d91ee848f270c65f0125d2d677
SHA512: 740b9dba2119736e3b9e4c47654c264770d6bca4fe5b46ce32a33acfc09278a559cba9c72478d304e85654f381925e1204422b75c1e13fd26f4ab2511316e205
Static task: static1
Behavioral task: behavioral1
  Sample: 4df67a9e8abab33856a586cea38b0d365fbbe0d91ee848f270c65f0125d2d677.bin.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 4df67a9e8abab33856a586cea38b0d365fbbe0d91ee848f270c65f0125d2d677.bin.exe
  Resource: win10v20201028
Malware Config
Extracted from the following ransom notes (the same netwalker configuration was recovered from each):
  C:\Users\Admin\8FC5A3-Readme.txt
  C:\Users\Admin\Downloads\8FC5A3-Readme.txt
  C:\Users\Admin\AppData\Roaming\8FC5A3-Readme.txt
  C:\810DE7-Readme.txt
  C:\Users\Admin\Music\810DE7-Readme.txt
Family: netwalker
URLs:
  http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
  http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets
Target: 4df67a9e8abab33856a586cea38b0d365fbbe0d91ee848f270c65f0125d2d677.bin (69KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 10/10
- Netwalker Ransomware: Ransomware family with multiple versions. Also known as MailTo.
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Modifies service