Extracted

Extracted

• • Target

    2025-01-29_2be2af23b313b80536e9ca3c12704d6c_mailto

  • Size

    66KB

  • MD5

    2be2af23b313b80536e9ca3c12704d6c

  • SHA1

    5ce36159fb34f79df9bd8ba43afb8c21a059052c

  • SHA256

    16e6fc7f6bf936eda5723551ea9d0aee9d83e265c1e70cc2d66198be8e1400d8

  • SHA512

    384b55e59933ca35a4f6db970e6ac1169e016b40739c7b15f4a592e11fff8c7d4afa730cd2b0b78ad1ea18e29c881028228683b55742be76bbae65102be08853

  • SSDEEP

    1536:Tn2v0CaaFjJn/zk4XHnnzxLhOZ3w4qwiDKKVqmfeL:TIK+N/44XHnzthOZ37qwiDo

  Score

  10^/10

  netwalkerdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Netwalker family

    netwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (7436) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2