General

Target: b90e8a558e2fa4976a5c4df3304bec2264775a8efa22ac0ceb821fa18977bcd6
Size: 65KB
Sample: 220201-bse4xsfca8
MD5: 045063e4b4e0ce9538b00a2282b91c94
SHA1: 68f53ae18fc5802ee7e14bd59fe244591cb01a6f
SHA256: b90e8a558e2fa4976a5c4df3304bec2264775a8efa22ac0ceb821fa18977bcd6
SHA512: 732fbaf551b715816ea5f9467463c89487917e56f3b82794633412cd4b9987942c7c1d6abc6ed5607af078c0f26cbca504cf8b19fe3bf3713e2bd2a2b6ca579e
Static task: static1

Behavioral task: behavioral1
Sample: b90e8a558e2fa4976a5c4df3304bec2264775a8efa22ac0ceb821fa18977bcd6.exe
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: b90e8a558e2fa4976a5c4df3304bec2264775a8efa22ac0ceb821fa18977bcd6.exe
Resource: win10v2004-en-20220113
Malware Config

Extracted from: C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_15ac16619585aa27282df5e4c6acd0916524a313_cab_00f44e8c\35CF47-Readme.txt
Family: netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted from: C:\Program Files (x86)\Adobe\Acrobat Reader DC\49A39C-Readme.txt
Family: netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets

Target: b90e8a558e2fa4976a5c4df3304bec2264775a8efa22ac0ceb821fa18977bcd6
Score: 10/10

Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.

Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.