General
-
Target
6361700971479040.zip
-
Size
25KB
-
Sample
211015-t719tabbe4
-
MD5
64b0b8210b64c744750830e320480786
-
SHA1
eda696ab93d9fcedd29071dc38507db1fb442c84
-
SHA256
08810549d87143439b0293f5772766cacaeebf217d692ddfb776f916f8b582fd
-
SHA512
6431347065db622045c2d24c064bcf94661b66dcdeea594c4f6dac8fd4c4173f7b740368ae7c1b2647193c629a567dca608737778e8886f3ba69ba20ac0d32dd
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\750024459\readme-warning.txt
makop
Targets
-
-
Target
4339192e184bea89107928ccd5bcc1f5d4a928922361ab3f999926f74a0f6512
-
Size
42KB
-
MD5
d29a5ac669fd239a2df8a7ba6bad4b75
-
SHA1
b18e00d53474c95fa0720b1720557e4d9a09f161
-
SHA256
4339192e184bea89107928ccd5bcc1f5d4a928922361ab3f999926f74a0f6512
-
SHA512
c1e104375d445d7431fd68d0cb6731e459aa0be5b8495bcdca147d0052aa18e4a1f0817d54e2b72489cc9668772c36d6243f716cf542d48a3514f4fb3060a7b6
Score10/10-
Makop
Ransomware family discovered by @VK_Intel in early 2020.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2
-