Extracted

• • Target

    이력서(뽑아주시면 항상 최선을 다하여 열심히하겠습니다).exe

  • Size

    299KB

  • MD5

    3d044acc234d0c4532e6a7eb694b8608

  • SHA1

    e7b58687e90b85cda45f6e5f8ac7d0271e95e40f

  • SHA256

    c311e0cd1b2052427260e95e3c7268451456167eb256a6032aa82d8e93ff6e34

  • SHA512

    cbfe2be0d48f5faec4b6358555b5c74c46b6c37d9135a6f2b8221bfd1736f4543f5e2e24d15b1eec74d64e03ddf6126303f6e038b40f92009fbcc4097d512a4c

  Score

  10^/10

  makopransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Suspicious use of NtCreateUserProcessOtherParentProcess

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2