Extracted

• • Target

    이력서_경력사항은 모두 기재하였습니다 확인부탁드리겠습니다 감사합니다.exe

  • Size

    219KB

  • MD5

    1d1bd74c388d4dc2fc9e832d1571f7dd

  • SHA1

    2c129b8fef3444c1e2b48aa9638611bb73b631f8

  • SHA256

    bc225c5fe58ce3b42512871afdcc4513a870812b6b6477d8fe53bca77100660e

  • SHA512

    185af03d58dd651ca82472bd35f134d645f49b3858c8e32b57521a46e2b801a05ba7e382360a31e2c497936f5861a2f0817ce7b13c653d809e3b5077ba407a02

  Score

  10^/10

  makoppersistenceransomwarespyware

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2