Extracted

Extracted

• • Target

    2025-03-20_6006725a2daa0b01a4af2fddf58db57b_mailto

  • Size

    69KB

  • MD5

    6006725a2daa0b01a4af2fddf58db57b

  • SHA1

    2e9c40f5bc4f7d8c543cf5a93123fc2794f26a6a

  • SHA256

    448f9d5980c6e327d5cf3e3286381df157876c7f4a748a31038d5bee5479c901

  • SHA512

    0ee22efada8a3be89b6b0c6241c63ba57319c6ef5cbab5df6d2637d1b52a933ad70b88eb7a554f80cfb87f3c1d556c902a5e81415b6ce3b41a67becfd3313e29

  • SSDEEP

    1536:QuCWRxL7hbUiQfovePbUU+hhOZuIWiFp+ZfaBZebC33O+alcBc:rCWf7VJQfmePbvkhOZu1iFBBZebC3KlR

  Score

  10^/10

  netwalkerdefense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker

  • Netwalker family

    netwalker

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (7419) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2