makop | 0a89eaba131bd382f2f0fd1d4ad31800366e61d57a88d2ec0c07ab9c0eb4eff1

General

Target

Viruses.7z
Size

6.1MB
Sample

220305-h3m1vahhgl
MD5

608d70d34a26173c734cf44064031c8a
SHA1

8c42296781cf77761bda11686603376f18d21f64
SHA256

0a89eaba131bd382f2f0fd1d4ad31800366e61d57a88d2ec0c07ab9c0eb4eff1
SHA512

f72eb485dcd410e064b43b7aef571227867818494e53108f184880f24f7f1aa55f25572c5dfb13bd4069497ad6fd43dd2e86a539f189a32ce142414cee1556af

Score

10^/10

Malware Config

Extracted

Ransom Note

Your files have been encrypted... 00000000000000000000 Decrypt files? Write to this mails: [email protected] Your unique ID [<%HID%>] [copy] Warning! All your data was extracted and copied! If you don't contact us, it will be sold and uploaded to public sources! Your ID [<%HID%>] [copy] Write to [email protected] [copy]

Emails

[email protected]

Targets

- Target
  
  Viruses/a.exe
- Size
  
  116KB
- MD5
  
  323a36c23e61c6b37f28abfd5b7e5dfe
- SHA1
  
  8e47e4390eddf5c593b194ab2fba46ab51d25d90
- SHA256
  
  fb1dd40577af7ac4d8c32506e78e39841ff6d05ee643c18270ef26eac798df3f
- SHA512
  
  ed70c5c4e497853f5e16b6ce7024b9893ebc3875e2c046703bd92562469ccd7aa443642036a637beb45bc9685d819f6a9bf55825ceecfef4dd5c76f09fce7f19
Score

3^/10
behavioral1
- Target
  
  Viruses/b.exe
- Size
  
  131KB
- MD5
  
  728eca0c2c3030179d8546a15ac62c2e
- SHA1
  
  2b7e40cf217e53de3d5b3022f99b773afc02c880
- SHA256
  
  10ea5ac09ec72101c6f8656f3f08f6f9495f8b43849f27928efd6485cee04913
- SHA512
  
  f69873c73fa9354cf7dd3e9564feb1f2fef1151583977c03f4491155f14fe6d142d0f7e2e3477b75a862f62e5f0cc099f69a72f04081b4f591567857fa569e31
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral2
- Target
  
  Viruses/c.exe
- Size
  
  109KB
- MD5
  
  e710eb9ff8c1ee354527072beac8229a
- SHA1
  
  72d8db33fc760927a73215bf5a35d8821e550899
- SHA256
  
  6752d24da3565761c94ab10d3010e1be702221783f9b509209f97a8e32003767
- SHA512
  
  e4f29e16cdb366aa63687fe2dc7588d272c71dd3b7a7bafcdcb5845ea1a25472aa3fabb6ce90d51e85a6a0557ce00e436b3615587b74768c0b4bc018a79a5107
Score

10^/10
- Suspicious use of NtCreateUserProcessOtherParentProcess
behavioral3
- Target
  
  Viruses/d.exe
- Size
  
  157KB
- MD5
  
  25e62ef07aa497ff4b13549bc6639e19
- SHA1
  
  c8cee35f713031ca109dffae4fbede766d427e08
- SHA256
  
  aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc
- SHA512
  
  281a723c3ebfb369ad5bb73e18de0654e9ed1df25af49fcceaafe5afe425975c688eb4df4934b386b5532949f4bea6e688e33b599739e40ac381484e766fce5f
Score

1^/10
behavioral4
- Target
  
  Viruses/f.exe
- Size
  
  131KB
- MD5
  
  e20baed2f54af658d546027c5f839656
- SHA1
  
  b3423b5d096cf915019cd8d7c994cf9919523901
- SHA256
  
  0a4a0f0df5eea57f16a76bff6489dd95a7089afba8e9e5c8bcadc46870af33fb
- SHA512
  
  4d3885ffd66111487fe68aa22b49324657d4440e1231adcfc497a6d539dd8c9cf2ef4fd6fc09a2b1ba54d851444d1b66199ad6b0d105b48c20039df240b6769c
Score

3^/10
behavioral5
- Target
  
  Viruses/h.exe
- Size
  
  1.2MB
- MD5
  
  256ab83ea3de9801d66bc7f3e3831ea8
- SHA1
  
  544b03f7f5fd8f0c08feb9d3e621d04e45229cda
- SHA256
  
  a903f4d8f126a830b8f12e05c035b86e4dfd65cb1fd64d0d0b503035b49d0cb7
- SHA512
  
  95d56568067d64c668b97e86e5362fdf447b80a878d7af96d6728906309fcc770d0834e07bfd4afbd57999f08b2228bef4c5c27128f3ba97f210e8c267ebeefe
Score

8^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
behavioral6

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Suspicious use of NtCreateUserProcessOtherParentProcess

VMProtect packed file

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6