Resubmissions

08/11/2022, 17:32 UTC

221108-v4fz5shha5 10

08/11/2022, 15:20 UTC

221108-sqwgkafcdj 10

General

  • Target

    3b15b66bf6a7d7ebab6437906686037f23a797d15e0fbff3d6741d3f58db8f1e

  • Size

    34KB

  • Sample

    221108-v4fz5shha5

  • MD5

    5bcf1a6a65d8d0d2ad1c2a78935322b5

  • SHA1

    c5af15f8170e3840ba756397cb1548fa9489fae9

  • SHA256

    3b15b66bf6a7d7ebab6437906686037f23a797d15e0fbff3d6741d3f58db8f1e

  • SHA512

    f21e3bc29b60d3ed248dd048774823d013beb43f2fcf7e560774f1987dc07ff42de2fb68a8dd3bad0653a8587cca9b9f18e0671342c81d8c5698b97a135eb639

  • SSDEEP

    768:24HLd8Vdh1qV1Esg8kdJCzSIZHkKRV6kNDB3eHkkb/u:2Q8VgV1U8ZGURVFB3eH/u

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\readme-warning.txt

Family

makop

Ransom Note
::: Greetings ::: Little FAQ: .1. Q: Whats Happen? A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen. .2. Q: How to recover files? A: If you wish to decrypt your files you will need to pay in bitcoins. .3. Q: What about guarantees? A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests. .4. Q: How to contact with you? A: You can write us to our mailbox: coleman.dec@tutanota.com or lauracc@msgsafe.io .5. Q: How will the decryption process proceed after payment? A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files. .6. Q: If I don't want to pay bad people like you? A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money. :::BEWARE::: DON'T try to change encrypted files by yourself! If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files! Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
Emails

coleman.dec@tutanota.com

lauracc@msgsafe.io

Targets

    • Target

      3b15b66bf6a7d7ebab6437906686037f23a797d15e0fbff3d6741d3f58db8f1e

    • Size

      34KB

    • MD5

      5bcf1a6a65d8d0d2ad1c2a78935322b5

    • SHA1

      c5af15f8170e3840ba756397cb1548fa9489fae9

    • SHA256

      3b15b66bf6a7d7ebab6437906686037f23a797d15e0fbff3d6741d3f58db8f1e

    • SHA512

      f21e3bc29b60d3ed248dd048774823d013beb43f2fcf7e560774f1987dc07ff42de2fb68a8dd3bad0653a8587cca9b9f18e0671342c81d8c5698b97a135eb639

    • SSDEEP

      768:24HLd8Vdh1qV1Esg8kdJCzSIZHkKRV6kNDB3eHkkb/u:2Q8VgV1U8ZGURVFB3eH/u

    Score
    10/10
    • Makop

      Ransomware family discovered by @VK_Intel in early 2020.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

MITRE ATT&CK Enterprise v6

Tasks
