MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4ccf3d32f438869e6a518ec970e0724b52abd3a39a4c2891fa3c2d3a4835a6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: f4ccf3d32f438869e6a518ec970e0724b52abd3a39a4c2891fa3c2d3a4835a6e
SHA3-384 hash: 29a8448f8b70224a3f321440e39729d148db2c63d4e1ba6b170d22757cb326f22128820e1596546cb53f7a382732f1bf
SHA1 hash: 97a52181f6907f8aaacae0bec013fa50b8706cec
MD5 hash: 809a76a64875aeede09f7db28a2333a9
humanhash: muppet-august-solar-sad
File name: f4ccf3d32f438869e6a518ec970e0724b52abd3a39a4c2891fa3c2d3a4835a6e.bin
File size: 95'744 bytes
First seen: 2020-06-01 14:29:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 1536:1d95lbW768qFIxAl+VapAA/s8U9a9J52eIlCvcLGJyJQw:1dXJC8IxAaaaYs8U9aUeIepyF
Threatray: 15 similar samples on MalwareBazaar
TLSH: 88930831A99900ACC5B6C13DD7DA163BDBF634411720AFEF61206A642B667D1FF2C382
Reporter: Anonymous
Tags: NetWalker


Anonymous
Zero2Automated Course

Intelligence


File Origin
# of uploads: 1
# of downloads: 2'015
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Netwalker
Status: Malicious
First seen: 2020-05-19 05:37:47 UTC
File Type: PE+ (Dll)
AV detection: 22 of 31 (70.97%)
Threat level: 2/5
Result
Malware family: netwalker
Score: 10/10
Tags: family:netwalker ransomware spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Reads user/profile data of web browsers
Modifies extensions of user files
Netwalker Ransomware
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
