Extracted

Extracted

• • Target

    (2020) Netwalker.exe

  • Size

    69KB

  • MD5

    80372de850597bd9e7e021a94f13f0a1

  • SHA1

    037db820c8dee94ae25a439b758a2b89f527cbb4

  • SHA256

    2520b15068fa108c947db179377c6b462f2c4f47037168bf8c69fcb668cb11a8

  • SHA512

    f43db3569ac60d6ed55b9a3a24dcb459e14b0bd944e9405a8cb2bfb686eaeff31c82ffcd6c477d6a6affe9014ae8ed7d8af174e8ceebbcf00b64ad293901a77a

  • SSDEEP

    1536:juCWRxL7hbUiQfovecnXUU+hhOZuIWiFp+ZfaBZebC33O+Pd71vb:KCWf7VJQfmeMXvkhOZu1iFBBZebC3F7t

  Score

  10^/10

  netwalkerdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Netwalker family

    netwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (7434) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2