Extracted

Extracted

• • Target

    8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160

  • Size

    296KB

  • MD5

    258ed03a6e4d9012f8102c635a5e3dcd

  • SHA1

    a3bc2a30318f9bd2b51cb57e2022996e7f15c69e

  • SHA256

    8639825230d5504fd8126ed55b2d7aeb72944ffe17e762801aab8d4f8f880160

  • SHA512

    967414274cb8d8fdf0e4dd446332b37060d54a726ab77f4ec704a5afe12162e098183add4342d1710db1e1c3b74035a001cf4c2d7790a27bf6d8381c34a96889

  • SSDEEP

    3072:Kv4ZAWXDSxcoWn+v75ssiEcx7fWr5JNfb23y2O1Nm5dc:B1X7vwVspdOJND01

  Score

  10^/10

  netwalkerdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Detected Netwalker Ransomware

    Detected unpacked Netwalker executable.

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (7383) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2