General
-
Target
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9
-
Size
69KB
-
Sample
220201-bnc4rsefcl
-
MD5
a7574cc419d469f9ad3548189e9abdb4
-
SHA1
06a2cb118c0e1de5384de855901807495cfb94eb
-
SHA256
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9
-
SHA512
18ed7e45b9b6a97e05d283564171b2e37c0219ecf92152bb5721a182562272776f2615c41a1a62912c17f087141abe680d1313bfd2a9fb6e7099f144f0e3de30
Static task
static1
Behavioral task
behavioral1
Sample
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\C79F45-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\ProgramData\Microsoft\User Account Pictures\5F31EA-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets
-
-
Target
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9
-
Size
69KB
-
MD5
a7574cc419d469f9ad3548189e9abdb4
-
SHA1
06a2cb118c0e1de5384de855901807495cfb94eb
-
SHA256
ffabb87c3fe025f93c3140c73685388d966f168077ac0e86a9499c9c97c77ba9
-
SHA512
18ed7e45b9b6a97e05d283564171b2e37c0219ecf92152bb5721a182562272776f2615c41a1a62912c17f087141abe680d1313bfd2a9fb6e7099f144f0e3de30
Score10/10-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-