General
-
Target
8145386361.zip
-
Size
113KB
-
Sample
221010-b2bsvsacd4
-
MD5
1610420352e993c70fc9c354a77bc759
-
SHA1
0c5b693ea2e03e7ad84fc207e21525915cdeb3ba
-
SHA256
7c67f47bb89ea053ca8266465ccb54dd3e9251684ac7d1c5001752237ef0f133
-
SHA512
89b9bacb83308e1d8ba622ca5770e993f692134497396f7f8b5e2eff9fee1a301dbe7b0e13b5027549c6718986d18f1fc8ea36ea9bf7c93314f88fba5194ca57
-
SSDEEP
1536:of9VblDt/AVc9KA9cVBvcc+HzsokGy4YNktFT8qmCFK1Q0UBqHWeERoDskCTnNJ0:YEc8A9csVVkGy3UTeRCjqQrpiV
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\2267484497\readme-warning.txt
makop
Targets
-
-
Target
808b82686bcce67e36cd4176b077fcb7e29b7ffc340d02e5e051b179a0eb660c
-
Size
264KB
-
MD5
90144b44265dd72a22ccadf0824966a1
-
SHA1
ce53459dcaed4c66140994f039bff0626ea3930c
-
SHA256
808b82686bcce67e36cd4176b077fcb7e29b7ffc340d02e5e051b179a0eb660c
-
SHA512
655888571e37fe79441ae3320b8bc7fafa14dcb4d13c14d27a9e7129d3f567bac4564463af3a84e185c877316412c057a2fbb6be6d5b8e4c4eac5feb7f27575e
-
SSDEEP
3072:nomnzVincQDKgcVsVKmOKsuWoZGbfYgqh2jT9KNp0BjY8n:ntZSSf31lBn
Score10/10-
Makop
Ransomware family discovered by @VK_Intel in early 2020.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-