Extracted

Extracted

• • Target

    ransom.exe

  • Size

    34KB

  • MD5

    41a2f1caab50ebde2911ec0aa9e0dc30

  • SHA1

    dce8b1773b2944d4e28d8c53c3224acd1e53c4cc

  • SHA256

    33ff0db152d0f78636522a1825b9366d71fc1bbc667158e8a3019a5beec609ff

  • SHA512

    d62ceef70c45124a4837523095dbd492be6b267ed01ee70a2e46518e713636b82fa94047da4a13a68aa6d8f46c8e8b0fe44527182216f3440f1d3442c39175d6

  Score

  10^/10

  makopransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  behavioral1behavioral2