General
-
Target
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60.exe
-
Size
65KB
-
Sample
220523-xde19sbgc3
-
MD5
eaef25ab1f59492ffc735a386294b69f
-
SHA1
76cc795c39cc19465c24825dc5ebafd7f944ea7e
-
SHA256
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60
-
SHA512
a812186ff05baa0c194abc2b4becc145f312b885068773f994658ecac2bfd8e1c85acdfe3774728541ed966f46a872d19fee17a53cc07f3f8e2e94be0cdef1c4
Static task
static1
Behavioral task
behavioral1
Sample
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\ProgramData\Microsoft\User Account Pictures\0A3334-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Extracted
C:\Users\Admin\Desktop\90AFE4-Readme.txt
netwalker
http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion
http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion
Targets
-
-
Target
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60.exe
-
Size
65KB
-
MD5
eaef25ab1f59492ffc735a386294b69f
-
SHA1
76cc795c39cc19465c24825dc5ebafd7f944ea7e
-
SHA256
4f7bdda79e389d6660fca8e2a90a175307a7f615fa7673b10ee820d9300b5c60
-
SHA512
a812186ff05baa0c194abc2b4becc145f312b885068773f994658ecac2bfd8e1c85acdfe3774728541ed966f46a872d19fee17a53cc07f3f8e2e94be0cdef1c4
Score10/10-
Netwalker Ransomware
Ransomware family with multiple versions. Also known as MailTo.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-