General
-
Target
mm.7z
-
Size
135KB
-
Sample
220427-lgk6xaedgm
-
MD5
7ee05f6845057d45bec18bbc344b20fc
-
SHA1
4bc67e05a807fdeff45182a6063b1adf883f7b0b
-
SHA256
0bb22d8cf087f9652841cf885e524f38c21c132a1920cad07b2ebf48012920af
-
SHA512
bc72fb66b74dd640331ab9cc2ee567f87e061477126f50cb0ee620a40b5f34e6368ea07ee211536e5f8b7dc9a3a5d31e472b0723fedaf15fb0c02764ab37c166
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\3374973704\readme-warning.txt
makop
Targets
-
-
Target
1.exe
-
Size
1.0MB
-
MD5
342a196528cc22163fa6a9bd7640c221
-
SHA1
d8e9e8908a9f3be4bbd8fe169d420dcb523e6b4c
-
SHA256
94b9665b40a2b36d6ff46ffd083bbf1c6d6c08de9fe24eb6dfb0199bd17f84b4
-
SHA512
f3b2363664153b3ddcb060edfa44263de7f68f0c4febccc13b8e690aa751ed8edf096a40a08ee33ffe04748b360e4240805c1623ef8987861a33fea042e006e4
Score10/10-
Makop
Ransomware family discovered by @VK_Intel in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-
-
-
Target
2.exe
-
Size
1.0MB
-
MD5
2d2f9219f2ae72a45a9f78f343622a2d
-
SHA1
5999180e2e40457a3c9ad375c870449710f00c61
-
SHA256
fde431d08dd6bc86638d72f8fe39f0562202f1183e23fd3ba42661913b337322
-
SHA512
9e8b0af7779e0a2b8b64ceb8b3df5495c79fee07c1e3224f8d400e024e4726a1b6881ce882529c23437f8cd7bb51254a9b11b22bc5f7d86f85e19039261fa46b
Score10/10-
Makop
Ransomware family discovered by @VK_Intel in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-