netwalker | 2025-03-20_6006725a2daa0b01a4af2fddf58db57b_mailto | Triage

Sharing

General

Target

2025-03-20_6006725a2daa0b01a4af2fddf58db57b_mailto
Size

69KB
MD5

6006725a2daa0b01a4af2fddf58db57b
SHA1

2e9c40f5bc4f7d8c543cf5a93123fc2794f26a6a
SHA256

448f9d5980c6e327d5cf3e3286381df157876c7f4a748a31038d5bee5479c901
SHA512

0ee22efada8a3be89b6b0c6241c63ba57319c6ef5cbab5df6d2637d1b52a933ad70b88eb7a554f80cfb87f3c1d556c902a5e81415b6ce3b41a67becfd3313e29
SSDEEP

1536:QuCWRxL7hbUiQfovePbUU+hhOZuIWiFp+ZfaBZebC33O+alcBc:rCWf7VJQfmePbvkhOZu1iFBBZebC3KlR

Score

10^/10

netwalker

Malware Config

Signatures

Detected Netwalker Ransomware 1 IoCs

Detected unpacked Netwalker executable.

resource	yara_rule
sample	netwalker_ransomware

Netwalker family
netwalker

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2025-03-20_6006725a2daa0b01a4af2fddf58db57b_mailto

Files

2025-03-20_6006725a2daa0b01a4af2fddf58db57b_mailto
.exe windows:6 windows x86 arch:x86

e82dd51b077167be63c004bed23d0c1e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ