netwalker | 25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0 | Triage

Submit
Reports

Overview

overview

Static

static

25959cfe46...e0.exe

windows7_x64

25959cfe46...e0.exe

windows10_x64

Sharing

General

Target

25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
Size

308KB
Sample

210305-9nj6dfky4n
MD5

c067e0a2d7fc6092bb77abc7f7156b60
SHA1

52f68073caec0fd424c7cbaaed5f5221d7103d20
SHA256

25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
SHA512

685145c679413f82101c328ce4264c5f84d0347db1c5170e16d8a459b9ad12a87bf5e718e049e5c9c639e22197ee26d4aa33fac8c133b9d86772dfe1a8068dfc

Score

10^/10

netwalker smokeloader backdoor cryptone packer ransomware trojan

Static task

static1

cryptone packer netwalker

Behavioral task

behavioral1

Sample

25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0.exe

Resource

win7v20201028

smokeloader backdoor trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0.exe

Resource

win10v20201028

netwalker smokeloader backdoor cryptone packer ransomware trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://pukupoko.top/

http://halyavapridi.top/

http://holofrew.me/

rc4.i32

rc4.i32

Targets

- Target
  
  25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
- Size
  
  308KB
- MD5
  
  c067e0a2d7fc6092bb77abc7f7156b60
- SHA1
  
  52f68073caec0fd424c7cbaaed5f5221d7103d20
- SHA256
  
  25959cfe4619126ab554d3111b875218f1dbfadd79eed1ed0f6a8c1900fa36e0
- SHA512
  
  685145c679413f82101c328ce4264c5f84d0347db1c5170e16d8a459b9ad12a87bf5e718e049e5c9c639e22197ee26d4aa33fac8c133b9d86772dfe1a8068dfc
Score

10^/10

smokeloader backdoor trojan netwalker cryptone packer ransomware
- Detected Netwalker Ransomware
  Detected unpacked Netwalker executable.
- Netwalker Ransomware
  Ransomware family with multiple versions. Also known as MailTo.
  ransomware netwalker
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

cryptonepackernetwalker

behavioral1

smokeloaderbackdoortrojan

behavioral2

netwalkersmokeloaderbackdoorcryptonepackerransomwaretrojan

© 2018-2024

Terms | Privacy