General
-
Target
2024-02-24_5b20ed0969fbab232d5818b81446f17f_makop
-
Size
42KB
-
Sample
240224-gccxhsbg5t
-
MD5
5b20ed0969fbab232d5818b81446f17f
-
SHA1
2afa64da836d92b4668855f023e5af5c6b1f22af
-
SHA256
2aee24de0bc5eb0b109465bc23ffa01e34b66656b93d8e5e4633382ca79dbd39
-
SHA512
fa4c496d438b7a7655dd6dcb9e8c6d22c8bb4950d97355019fc1068d189a1250fc754710bd9bb05919754a763a5f0900545f102359dd23c8279416f09183c044
-
SSDEEP
768:JO1oR/w7QVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDmLe3OUUBCvi+p0oPR:JqkS1FKnDtkuImmeOBC6YR
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\+README-WARNING+.txt
Targets
-
-
Target
2024-02-24_5b20ed0969fbab232d5818b81446f17f_makop
-
Size
42KB
-
MD5
5b20ed0969fbab232d5818b81446f17f
-
SHA1
2afa64da836d92b4668855f023e5af5c6b1f22af
-
SHA256
2aee24de0bc5eb0b109465bc23ffa01e34b66656b93d8e5e4633382ca79dbd39
-
SHA512
fa4c496d438b7a7655dd6dcb9e8c6d22c8bb4950d97355019fc1068d189a1250fc754710bd9bb05919754a763a5f0900545f102359dd23c8279416f09183c044
-
SSDEEP
768:JO1oR/w7QVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDmLe3OUUBCvi+p0oPR:JqkS1FKnDtkuImmeOBC6YR
Score10/10-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (7555) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes backup catalog
Uses wbadmin.exe to inhibit system recovery.
-
Drops file in System32 directory
-