General
-
Target
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043
-
Size
69KB
-
Sample
201109-ygn5xhkgcs
-
MD5
addc865f61694906aa18756f722e1b56
-
SHA1
c4483ac873b4ee8623a65e682ffaa0535091f56a
-
SHA256
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043
-
SHA512
6243310416203edf01d2c797c282005c20c49a22c8ab64b8a51967dda7e50f1a1ac89a61694b1277019c5373f3bf7262a13e783d4018884bbb9f3c9703bf9e34
Static task
static1
Behavioral task
behavioral1
Sample
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043.exe
Resource
win10v20201028
Malware Config
Extracted
C:\Program Files (x86)\Common Files\Adobe AIR\57A070-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\Program Files\Java\jdk1.7.0_80\57A070-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\57A070-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\Users\Public\Libraries\591B12-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\Users\Admin\AppData\Roaming\591B12-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\591B12-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
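The six extracted configs above share one pattern: a note named `<6 hex digits>-Readme.txt` dropped into many directories, each carrying the same two .onion contact URLs. A responder triaging a host wants exactly those three things back out of a live filesystem: where the notes are, which identifier each run used, and the URLs to block or hunt for. The script below is an added example, not part of the sandbox report and not Netwalker's own code. It assumes (a) the note naming pattern seen in the report's paths and (b) that encrypted files carry the note's hex identifier as their extension, which the report does not state and which is treated as an assumption in the code. The note body it writes is constructed; only the two URLs come from the report.

```python
"""Hunt a filesystem for Netwalker-style ransom notes and pull the .onion
contact URLs out of them.

Added example, not part of the sandbox report. Assumptions:
  (a) notes are named <6 hex>-Readme.txt (the pattern in the report's paths);
  (b) encrypted files use the same hex identifier as their extension
      (not stated by the report; used only for the encrypted-file count).
"""
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = re.compile(r"^([0-9A-Fa-f]{6})-Readme\.txt$")
# v2 onion names are 16 base32 chars, v3 names are 56; both use a-z and 2-7.
ONION_URL = re.compile(r"https?://(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)

# Constructed note body. The two URLs are the ones the report extracted; the
# surrounding text is made up for the example. The repeated URL exercises dedup.
SAMPLE_NOTE = (
    "Your files are encrypted.\n"
    "Contact us via the links below:\n"
    "http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion\n"
    "http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion\n"
    "http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion\n"
)


def extract_onions(text):
    """Return the distinct .onion URLs in text, lower-cased, in first-seen order."""
    seen = []
    for m in ONION_URL.finditer(text):
        url = m.group(0).lower()
        if url not in seen:
            seen.append(url)
    return seen


def find_notes(root):
    """Yield (path, identifier) for every file under root named like a note."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = NOTE_NAME.match(name)
            if m:
                yield Path(dirpath) / name, m.group(1).upper()


def count_encrypted(root, identifier):
    """Count files whose extension equals the identifier (assumption (b))."""
    suffix = "." + identifier.lower()
    return sum(1 for _d, _s, files in os.walk(root)
               for f in files if f.lower().endswith(suffix))


def triage(root):
    """Summarise note locations, identifiers and contact URLs under root."""
    report = {"notes": [], "ids": {}, "onions": []}
    for path, ident in find_notes(root):
        report["notes"].append(str(path))
        for url in extract_onions(path.read_text(errors="replace")):
            if url not in report["onions"]:
                report["onions"].append(url)
        if ident not in report["ids"]:
            report["ids"][ident] = count_encrypted(root, ident)
    return report


def build_demo_tree(base):
    """Lay out a constructed tree mirroring two note locations from the report."""
    base = Path(base)
    notes = [
        "Users/Public/Libraries/591B12-Readme.txt",
        "ProgramData/Microsoft/Assistance/Client/1.0/en-US/57A070-Readme.txt",
    ]
    for rel in notes:
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(SAMPLE_NOTE)
    # Constructed "encrypted" files (assumption (b)) plus decoys that must not match.
    for rel in ["Users/Public/Libraries/budget.xlsx.591b12",
                "ProgramData/photo.jpg.57a070", "ProgramData/thesis.docx.57a070",
                "ProgramData/README.txt", "Users/Public/notes.txt"]:
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("placeholder")


def demo():
    """Run the hunt over the constructed tree in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as d:
        build_demo_tree(d)
        return triage(d)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On a real host, point `triage()` at each mounted volume; the distinct `ids` tell you how many separate runs touched the machine (the report above shows two, 57A070 and 591B12, one per sandbox task), and `onions` gives the set to feed into proxy and DNS blocking even though Tor traffic will not resolve them directly.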
Targets
-
Target
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043
-
Size
69KB
-
MD5
addc865f61694906aa18756f722e1b56
-
SHA1
c4483ac873b4ee8623a65e682ffaa0535091f56a
-
SHA256
444169e156b48a54e9f96b6b3a1c333670546663c8a2e14e561884c052420043
-
SHA512
6243310416203edf01d2c797c282005c20c49a22c8ab64b8a51967dda7e50f1a1ac89a61694b1277019c5373f3bf7262a13e783d4018884bbb9f3c9703bf9e34
Score 10/10
-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
-
Modifies service
-