Extracted

• • Target

    이력서.xll

  • Size

    667KB

  • MD5

    c181e7eaacbcfe010375a857460a76c6

  • SHA1

    eccc90dfd24abcebc0d20b733e4ec0c713be3763

  • SHA256

    549cf5de7d7221009f46b148b59dc529de794d2dfd70b81ef3717c25a3de5360

  • SHA512

    1d007f214e3b6644492e1dbfc87df331d62df74c45b168875a6da5a5730c694c1407b8bdf65a6a06ee729db996141acb02977c5e5c1eaebe6815385f2ace9f2a

  Score

  10^/10

  makopransomware

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2