Extracted

• • Target

    makop_nowin.bin

  • Size

    34KB

  • MD5

    bd935610cb878e275d35f292b93d8459

  • SHA1

    2cfc4a68ece6c9465ba44f96b677cc00536908ad

  • SHA256

    3757824893405fd34313749b689879b40b02db3d8a682f9f88e23f63908881f7

  • SHA512

    2b754a4aeae53fc78fd07e08007d47f232d1b30855c098a3469459def47f912155f53bc918bdbae7fa0daf903185a38db76c9dfd354fa447729dc285b506907b

  • SSDEEP

    768:x4K+eQXL36kOK1R01WseZ0y/QyYvhITluDA1afkKIDo:xueQbgK1e1S235HA1a20

  Score

  10^/10

  makoppersistenceransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2