General
-
Target
598d2938b1a8d8e2a03e40d109d1299fe82b72e2d2a6364b6bfabfccdcd729a6
-
Size
66KB
-
Sample
220201-bxec7aegel
-
MD5
83059fd8732ea6d7fbff2e717c432fac
-
SHA1
036cc83046013318b9e8809845a9ef211165ec34
-
SHA256
598d2938b1a8d8e2a03e40d109d1299fe82b72e2d2a6364b6bfabfccdcd729a6
-
SHA512
b534c892c790dadb14e2abe12c892e1033dddcc695f018d4984e651f14f57022ec92e88c2904b8e3669ae8203b5b7a927a1519482e646978e0d1e4a1c90b2aef
Malware Config
Extracted
C:\Users\Admin\Contacts\8B711E-Readme.txt
netwalker
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets
-
-
Target
598d2938b1a8d8e2a03e40d109d1299fe82b72e2d2a6364b6bfabfccdcd729a6
-
Size
66KB
-
MD5
83059fd8732ea6d7fbff2e717c432fac
-
SHA1
036cc83046013318b9e8809845a9ef211165ec34
-
SHA256
598d2938b1a8d8e2a03e40d109d1299fe82b72e2d2a6364b6bfabfccdcd729a6
-
SHA512
b534c892c790dadb14e2abe12c892e1033dddcc695f018d4984e651f14f57022ec92e88c2904b8e3669ae8203b5b7a927a1519482e646978e0d1e4a1c90b2aef
Score10/10-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-