General
-
Target
de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
-
Size
94KB
-
Sample
211020-lbfn8shgdq
-
MD5
993b73d6490bc5a7e23e02210b317247
-
SHA1
6fd314af34409e945504e166eb8cd88127c1070e
-
SHA256
de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
-
SHA512
417f55a066896695ce1b8d998767f706005d3d6f1792f2b86261a235034a6c3bb1deae6920857fbc710d22b833479b2cbeafd92735381f1cc357adcc8a74c55d
Static task
static1
Behavioral task
behavioral1
Sample
de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d.exe
Resource
win10-en-20210920
Malware Config
Extracted
C:\odt\A2D63-Readme.txt
netwalker
knoocknoo@cock.li
eeeooppaaaxxx@tuta.io
Extracted
C:\Users\Admin\AppData\Roaming\A2D63-Readme.txt
netwalker
knoocknoo@cock.li
eeeooppaaaxxx@tuta.io
Targets
-
-
Target
de04d2402154f676f757cf1380671f396f3fc9f7dbb683d9461edd2718c4e09d
-
Score
10/10
-
Detected Netwalker Ransomware
Detected unpacked Netwalker executable.
-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-