Extracted

Extracted

• • Target

    2025-01-22_12448b9b16e1c3a907f669ff5906046d_babuk_mailto

  • Size

    82KB

  • MD5

    12448b9b16e1c3a907f669ff5906046d

  • SHA1

    264a5f682001eae793103023f35b0a865b48d25b

  • SHA256

    d68ec0df2b057387bbd78a51054f7c06bdf029337bf9d66c1d411ba0243b2ae5

  • SHA512

    58870722418a14fbc86062979b8b93fc9aa31848b03217fc7534b6bd9d03383de5ad338cd75376f8bbee378f38d5e473364429cf8bc631a5125e5e65314b7be3

  • SSDEEP

    1536:yoF+QbXFzvL4ZwxY/ic0ty2XGf0s7pBZWNFMSZs1:yiFF7Loxt0tyAGf0sN5S2

  Score

  10^/10

  netwalkerdefense_evasiondiscoveryexecutionimpactpersistenceransomware

  • Detected Netwalker Ransomware

    Detected unpacked Netwalker executable.

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Netwalker family

    netwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (188) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2