General
-
Target
d86aa15cc22ec15a298de3f16476b5bd77030bdaef2c16ed0c44cbe8e359158d
-
Size
65KB
-
Sample
220201-bq89zsefgj
-
MD5
fb8b367990f36fba9f5b829596598719
-
SHA1
00d4b4d3e87189fc33969167d2af14aabaff09eb
-
SHA256
d86aa15cc22ec15a298de3f16476b5bd77030bdaef2c16ed0c44cbe8e359158d
-
SHA512
b51a3b29a3dc6eeaa4eb5b7b9fd1c6d7627f448dd0a66b32ba8b55da3ec8f04857419d5643caf4bcda603049d269a409e0adc988db1723b5376771de1a4558be
Static task
static1
Behavioral task
behavioral1
Sample
d86aa15cc22ec15a298de3f16476b5bd77030bdaef2c16ed0c44cbe8e359158d.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
d86aa15cc22ec15a298de3f16476b5bd77030bdaef2c16ed0c44cbe8e359158d.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\Program Files (x86)\Microsoft Sync Framework\v1.0\Documentation\1033\License Agreements\EA302E-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets
Target
d86aa15cc22ec15a298de3f16476b5bd77030bdaef2c16ed0c44cbe8e359158d
Score
10/10
-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-