Extracted

• • Target

    입사지원서_220109(경력사항도 같이 기재하였습니다 잘부탁드립니다).exe

  • Size

    2.9MB

  • MD5

    5d8ae8c788d8f89b6bbe4b94f77d0181

  • SHA1

    efde96d76f372f2f31a017a7f83ea5ed87905614

  • SHA256

    a617fdbff227afe8c89ba96d34724fb03c0c08857c508c8c80f3fedc916fe2b4

  • SHA512

    67c8d27949d88e0006bd7cb7d0dd0113426b7d73f68bbbe5dfee92c97646a498c6bbd8bbaa10e7bf7ad8365edc115858d09a87aa1e6aa7a7e7eb795d9a088722

  Score

  10^/10

  makopransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2