Behavioral task
behavioral1
Sample
2024-04-23_efeb1be8bd41130cd7c545010d140afa_babuk_mailto.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2024-04-23_efeb1be8bd41130cd7c545010d140afa_babuk_mailto.exe
Resource
win10v2004-20240412-en
General
-
Target
2024-04-23_efeb1be8bd41130cd7c545010d140afa_babuk_mailto
-
Size
94KB
-
MD5
efeb1be8bd41130cd7c545010d140afa
-
SHA1
a056845be51604a73cac17479f04d9077c202e05
-
SHA256
4fb90e7f4baa933ad69be3abb36dbb586dc86e6162d7ac70a504a0c8942ea798
-
SHA512
291c73ba102104a365c6769b8b29451a3594b06fbe65fe0a8f45d613981bb4ded5e23331ec65148c0a67a90de8fd0cc2c8379909bd2916f1f72cb2ddc68f934a
-
SSDEEP
1536:NQVlCPQRhNs3POdM0ty2XGe0W7Pbk3sPkO5M/Y8fGMNvgaNg:NQ3CPAC/YM0tyAGe0WDPx9MNvg8g
Malware Config
Signatures
-
Detected Netwalker Ransomware 1 IoCs
Detected unpacked Netwalker executable.
resource yara_rule sample netwalker_ransomware -
Netwalker family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-04-23_efeb1be8bd41130cd7c545010d140afa_babuk_mailto
Files
-
2024-04-23_efeb1be8bd41130cd7c545010d140afa_babuk_mailto.exe windows:6 windows x86 arch:x86
e82dd51b077167be63c004bed23d0c1e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Sleep
Sections
.text Size: 84KB - Virtual size: 83KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ