Extracted

Extracted

• • Target

    ddb5fdd76fe638663422dd48b218a048.exe

  • Size

    1011KB

  • MD5

    ddb5fdd76fe638663422dd48b218a048

  • SHA1

    7d22a562f6c0eea916389ca5ff202ce1b96d00ad

  • SHA256

    47255c3ad12f555aff1e23aafa87e37693e736e8e6c989e4766426587dd252dc

  • SHA512

    eac75bc0914fbef36bb41355dcbaf30a46c724a32cf9605188fcef40a29ff43d9fd6ca51ec33db412c59e747ed9bd12833c797021560d252810085642286a4af

  • SSDEEP

    12288:GSCbvRebCWcQ95agaB/0qaZfakaaagMaOamaFa6:LevgZboGzdgtdmv

  Score

  10^/10

  netwalkerransomwarespywarestealer

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (7372) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2