General
Target: 이력서_경력사항은 모두 기재하였습니다 확인부탁드리겠습니다 감사합니다.exe (Korean filename, roughly "Resume_I have entered all my work history, please review, thank you.exe")
Size: 219KB
Sample: 200624-pkhy91h99a
MD5: 1d1bd74c388d4dc2fc9e832d1571f7dd
SHA1: 2c129b8fef3444c1e2b48aa9638611bb73b631f8
SHA256: bc225c5fe58ce3b42512871afdcc4513a870812b6b6477d8fe53bca77100660e
SHA512: 185af03d58dd651ca82472bd35f134d645f49b3858c8e32b57521a46e2b801a05ba7e382360a31e2c497936f5861a2f0817ce7b13c653d809e3b5077ba407a02
Static task
static1
Behavioral task
behavioral1
Sample: 이력서_경력사항은 모두 기재하였습니다 확인부탁드리겠습니다 감사합니다.exe
Resource: win7v200430
Behavioral task
behavioral2
Sample: 이력서_경력사항은 모두 기재하였습니다 확인부탁드리겠습니다 감사합니다.exe
Resource: win10
Malware Config
Extracted
C:\readme-warning.txt
makop
akzhq615@protonmail.com
Targets
Target: 이력서_경력사항은 모두 기재하였습니다 확인부탁드리겠습니다 감사합니다.exe
Size: 219KB
MD5: 1d1bd74c388d4dc2fc9e832d1571f7dd
SHA1: 2c129b8fef3444c1e2b48aa9638611bb73b631f8
SHA256: bc225c5fe58ce3b42512871afdcc4513a870812b6b6477d8fe53bca77100660e
SHA512: 185af03d58dd651ca82472bd35f134d645f49b3858c8e32b57521a46e2b801a05ba7e382360a31e2c497936f5861a2f0817ce7b13c653d809e3b5077ba407a02
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2