
Rewterz Threat Alert – NetWalker Ransomware

September 1, 2020

Severity

High

Analysis Summary

NetWalker ransomware attacks on foreign government organizations, education entities, private companies and health agencies have been observed. Following a successful intrusion, NetWalker encrypts the data on every reachable Windows-based device, rendering critical files, databases and applications inaccessible to users. When executed, NetWalker loads an embedded configuration that carries the ransom note text, the ransom note file names and various other options. The ransomware first appeared in August 2019; its initial version went by the name Mailto and was rebranded NetWalker towards the end of 2019.

NetWalker is run as a closed-access ransomware-as-a-service (RaaS). Other criminal groups sign up and go through a vetting process, after which they are granted access to a web portal where they build custom versions of the ransomware.

Distribution is left to these second-tier groups, known as affiliates, and each deploys the ransomware as it sees fit.

Impact

  • File encryption
  • Data Theft
  • Unauthorized Access
  • Information disclosure
  • Network-wide infection

Indicators of Compromise

MD5

  • 5af5e3426926e551ed3acc5bea45eac6
  • 0d890fc8e761b764ba3a04af07197e20
  • 96e1849976d90425e74f075ed6bf8c30
  • 531c0c5e943863b00c7157c05603113a
  • 81c965ff526e7afd73c91543fee381a3
  • 8e030188e0d03654d5e7a7738a9d6a9a

SHA-256

  • f743c0849d69b5ea2f7eaf28831c86c1536cc27ae470f20e49223cbdba9c677c
  • e56d45628f0c2bda30ab235657704aac50a8433bdb4215c77a2e0f52f0f31a49
  • ae431797c551c20fe2f3fe1adc08a566edfabf45abbd924f0c8da06381ab6e48
  • 4f7dd00a005caf046dd7e494fea25be2264974264d567edfc89122242b7c41bc
  • 5ae06a8d117e876476832245039715825fbfbefc0d2463ab6c30295dd1d4afa6
  • 36be48e4eac81ad77aeade20b28ff8b72275832e6833f5e1b692eb99f312fd13

SHA-1

  • 1296a1f8887753ef87910b544727de76ce2adcc5
  • e0a37d0c26b351b789caffc8c90b968269982d55
  • 21c0ed7abaafbfd14c777aa370f397e4351654a6
  • caa18377e764a3a27c715b3d69ba2258ee4eb0b2
  • b9b83b17fd6d89807dcab7772b1416fa90ca4b0e
  • e24a174fff19d873df0fa5eddd9ec534617ed9d7

Remediation

  • Block the listed file hashes at your endpoint, email and web security controls.
  • Search for the IOCs across your environment (EDR hash search, file-system scan). Because affiliates build their own samples from the RaaS portal, these hashes cover only the builds seen so far; a clean hash search does not rule out a NetWalker intrusion.
  • Maintain a strong password policy.
  • Keep all systems, applications and software updated to the latest patched versions against all known security vulnerabilities.
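The following hash-search script is an added example and not a Rewterz tool. It embeds the MD5, SHA-1 and SHA-256 indicators listed in this advisory, hashes every regular file under a directory in a single pass, and reports any file whose digest appears in the IOC lists. The directory to scan (a command-line argument) and the sample "benign" input used in comments are assumptions; the hash values themselves are the advisory's.

```python
"""Scan a directory tree for files whose hashes match the NetWalker IOCs.

Added example, not part of the advisory or a Rewterz product. The hash
values are copied from the advisory's Indicators of Compromise section;
the directory to scan is an assumption supplied on the command line.
"""
import hashlib
import io
import os
import sys
from pathlib import Path
from typing import Dict, Iterator, List, Set, Tuple

# Indicators exactly as listed in the advisory, lower-cased hex.
NETWALKER_MD5: Set[str] = {
    "5af5e3426926e551ed3acc5bea45eac6",
    "0d890fc8e761b764ba3a04af07197e20",
    "96e1849976d90425e74f075ed6bf8c30",
    "531c0c5e943863b00c7157c05603113a",
    "81c965ff526e7afd73c91543fee381a3",
    "8e030188e0d03654d5e7a7738a9d6a9a",
}
NETWALKER_SHA1: Set[str] = {
    "1296a1f8887753ef87910b544727de76ce2adcc5",
    "e0a37d0c26b351b789caffc8c90b968269982d55",
    "21c0ed7abaafbfd14c777aa370f397e4351654a6",
    "caa18377e764a3a27c715b3d69ba2258ee4eb0b2",
    "b9b83b17fd6d89807dcab7772b1416fa90ca4b0e",
    "e24a174fff19d873df0fa5eddd9ec534617ed9d7",
}
NETWALKER_SHA256: Set[str] = {
    "f743c0849d69b5ea2f7eaf28831c86c1536cc27ae470f20e49223cbdba9c677c",
    "e56d45628f0c2bda30ab235657704aac50a8433bdb4215c77a2e0f52f0f31a49",
    "ae431797c551c20fe2f3fe1adc08a566edfabf45abbd924f0c8da06381ab6e48",
    "4f7dd00a005caf046dd7e494fea25be2264974264d567edfc89122242b7c41bc",
    "5ae06a8d117e876476832245039715825fbfbefc0d2463ab6c30295dd1d4afa6",
    "36be48e4eac81ad77aeade20b28ff8b72275832e6833f5e1b692eb99f312fd13",
}

# hashlib algorithm name -> indicator set for that algorithm.
IOC_BY_ALGO: Dict[str, Set[str]] = {
    "md5": NETWALKER_MD5,
    "sha1": NETWALKER_SHA1,
    "sha256": NETWALKER_SHA256,
}


def digest_stream(fh, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all three digests in one pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in IOC_BY_ALGO}
    for block in iter(lambda: fh.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (e.g. a carved sample)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: Path) -> Dict[str, str]:
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_iocs(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return sorted (algorithm, digest) pairs present in the IOC lists.

    Digests are normalised to lower case so values pasted from consoles
    that print upper-case hex still match.
    """
    hits = []
    for algo, value in digests.items():
        value = value.lower()
        if value in IOC_BY_ALGO.get(algo, set()):
            hits.append((algo, value))
    return sorted(hits)


def scan_tree(root) -> Iterator[Tuple[Path, List[Tuple[str, str]]]]:
    """Yield (path, hits) for every regular file under root matching an IOC.

    Unreadable files (locked or permission denied) are skipped rather
    than aborting the scan; symlinks are ignored to avoid double counting.
    """
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.is_symlink() or not path.is_file():
                continue
            try:
                hits = match_iocs(digest_file(path))
            except OSError:
                continue
            if hits:
                yield path, hits


if __name__ == "__main__":
    # Assumed usage: python netwalker_ioc_scan.py <directory>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    found = 0
    for path, hits in scan_tree(target):
        found += 1
        print(f"MATCH {path}: " + ", ".join(f"{a}={d}" for a, d in hits))
    print(f"{found} matching file(s) under {target}")
```

Run it against user profile, temp and share directories on suspect hosts, or feed `digest_bytes` a sample pulled from quarantine. A match is a confirmed IOC hit; no match only says these particular builds are absent, since each affiliate produces its own binaries from the portal.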
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.