Extracted

• • Target

    75af67f9b9a4a7e7f0b8e88c67143175676a3e742370b7655c8671ca6e591942

  • Size

    1.0MB

  • MD5

    c4c8e242b5025104c6f85cb2d2c6f355

  • SHA1

    604429eb08ef616d6d0693aa5c208bafb67973f7

  • SHA256

    75af67f9b9a4a7e7f0b8e88c67143175676a3e742370b7655c8671ca6e591942

  • SHA512

    3f4c1052a3d57b5d806558e73dc4597f53a64d86e7f49e3ae7c8b18c8965e013b3717b3d71d0a95824c3233feb3ffae0fcc7733493662c31f0e7da9eac1cb606

  Score

  10^/10

  makoppersistenceransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2