Extracted

• • Target

    2024-02-18_52b1171ccd66ff02c2947927300d9c33_makop

  • Size

    42KB

  • MD5

    52b1171ccd66ff02c2947927300d9c33

  • SHA1

    eeb6ef1830ed9b6c8838bcf398c878525a421e23

  • SHA256

    a043cf14c1e9bb9e6fcbf8a3302acf7e7c46dfeaa40ed7a1c6d31d17ab40a261

  • SHA512

    26e27833e0197073867fadc4d4493ffaf69b4e4bb3e68c0b6e55bc88a1222fa0f0a520c303ef15961e46ffb297aa1305d8f5221dfc9a275c5eb258c35049b88a

  • SSDEEP

    768:EO1oR/6VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDqW52BqwLnTZpk1M:E2S1FKnDtkuImngBqwLTZy1M

  Score

  10^/10

  ransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Renames multiple (8322) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2