netwalker | 2025-01-22_12448b9b16e1c3a907f669ff5906046d_babuk_mailto | Triage

Sharing

General

Target

2025-01-22_12448b9b16e1c3a907f669ff5906046d_babuk_mailto
Size

82KB
MD5

12448b9b16e1c3a907f669ff5906046d
SHA1

264a5f682001eae793103023f35b0a865b48d25b
SHA256

d68ec0df2b057387bbd78a51054f7c06bdf029337bf9d66c1d411ba0243b2ae5
SHA512

58870722418a14fbc86062979b8b93fc9aa31848b03217fc7534b6bd9d03383de5ad338cd75376f8bbee378f38d5e473364429cf8bc631a5125e5e65314b7be3
SSDEEP

1536:yoF+QbXFzvL4ZwxY/ic0ty2XGf0s7pBZWNFMSZs1:yiFF7Loxt0tyAGf0sN5S2

Score

10^/10

netwalker

Malware Config

Signatures

Detected Netwalker Ransomware 1 IoCs

Detected unpacked Netwalker executable.

resource	yara_rule
sample	netwalker_ransomware

Netwalker family
netwalker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-01-22_12448b9b16e1c3a907f669ff5906046d_babuk_mailto

Files

2025-01-22_12448b9b16e1c3a907f669ff5906046d_babuk_mailto
.exe windows:6 windows x86 arch:x86

e82dd51b077167be63c004bed23d0c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 926B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ