General
Target: dc4bb89a5e91280cb1fcf1d87f8616fe3cc283159c8babb240b437d2e1e5a309
Size: 396KB
Sample: 240321-wx6snaee57
MD5: 6a956731b3677dd9d4d18641d40532ab
SHA1: 1994ee0b381c5528d5b5c01fb97a14b5ff81e5a5
SHA256: dc4bb89a5e91280cb1fcf1d87f8616fe3cc283159c8babb240b437d2e1e5a309
SHA512: 314d87605dfe01cfb83a8b6ff17e98fc933f012ef933557d1899ebf0941d892a37f0d0692d99a3cd7061ce6c2c90a6dafe7b8dbb80ae875d9c368529f0b87991
SSDEEP: 1536:n28VgV1U8ZGURVFB3eH/omAhUfKQnSz+jS7ddpjHXSeSv3caALL95T:28VgV1UqGgVFBKo8ybdz
Behavioral task behavioral1
Sample: dc4bb89a5e91280cb1fcf1d87f8616fe3cc283159c8babb240b437d2e1e5a309.exe
Resource: win7-20240221-en
Behavioral task behavioral2
Sample: dc4bb89a5e91280cb1fcf1d87f8616fe3cc283159c8babb240b437d2e1e5a309.exe
Resource: win10v2004-20231215-en
Malware Config
Extracted from: C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\readme-warning.txt (ransom note)
Family: makop
Targets
Target: dc4bb89a5e91280cb1fcf1d87f8616fe3cc283159c8babb240b437d2e1e5a309 (hashes as listed under General)
Score: 10/10
Renames multiple (8210) files with added filename extension
Mass renaming with an appended extension is the typical footprint of ransomware encrypting files across the system.
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive, which ransomware does to reach files on additional volumes.
Legitimate hosting services abused for malware hosting/C2
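The host-side behaviours the report lists (mass renames that append an extension, a readme-warning.txt note written to many directories, reads of non-C: drive roots) can be hunted for in file-event telemetry. The script below is an added example and is not part of the sandbox report or of the Makop sample itself: the event schema (a list of dicts with ts/pid/image/op/path/new_path), the process IDs, the ".locked" suffix and the thresholds are assumptions chosen for illustration, and the telemetry it runs over is constructed inline.

```python
"""Hunt for the footprint described by the sandbox signatures above:
mass extension-appending renames, a ransom note dropped into many
directories, and reads of drive roots other than C:.

Added example, not from the report. Event schema, thresholds and the
'.locked' suffix are assumptions; map them onto your own EDR/Sysmon data.
"""
from collections import defaultdict
import ntpath

RANSOM_NOTE = "readme-warning.txt"   # note name taken from the report above
RENAME_THRESHOLD = 50                # assumed: renames per process per window
NOTE_DIR_THRESHOLD = 5               # assumed: distinct directories receiving the note
WINDOW_SECONDS = 60                  # assumed: sliding window for the rename burst


def extension_appended(old_path, new_path):
    """True when new_path is old_path with an extra '.ext' appended in the
    same directory, e.g. 'a\\b.docx' -> 'a\\b.docx.locked'.  A plain
    extension change ('notes.txt' -> 'notes.md') does not match."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return False
    return (len(new_name) > len(old_name) + 1
            and new_name.lower().startswith(old_name.lower())
            and new_name[len(old_name)] == ".")


def hunt(events):
    """Return {pid: [indicator, ...]} for processes that trip any indicator."""
    renames = defaultdict(list)   # pid -> timestamps of extension-appending renames
    note_dirs = defaultdict(set)  # pid -> directories where the note was created
    roots = defaultdict(set)      # pid -> non-C: drive roots read
    for ev in events:
        pid = ev["pid"]
        if ev["op"] == "rename" and extension_appended(ev["path"], ev["new_path"]):
            renames[pid].append(ev["ts"])
        elif ev["op"] == "create" and ntpath.basename(ev["path"]).lower() == RANSOM_NOTE:
            note_dirs[pid].add(ntpath.dirname(ev["path"]).lower())
        elif ev["op"] == "read":
            drive, rest = ntpath.splitdrive(ev["path"])
            if drive and rest in ("\\", "") and drive.upper() != "C:":
                roots[pid].add(drive.upper())

    findings = defaultdict(list)
    for pid, stamps in renames.items():
        stamps.sort()
        lo = 0
        # any WINDOW_SECONDS span holding >= RENAME_THRESHOLD renames is a burst
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > WINDOW_SECONDS:
                lo += 1
            if hi - lo + 1 >= RENAME_THRESHOLD:
                findings[pid].append(f"mass extension-appending renames ({len(stamps)} total)")
                break
    for pid, dirs in note_dirs.items():
        if len(dirs) >= NOTE_DIR_THRESHOLD:
            findings[pid].append(f"{RANSOM_NOTE} dropped in {len(dirs)} directories")
    for pid, drives in roots.items():
        if drives:
            findings[pid].append("non-C: drive roots read: " + ", ".join(sorted(drives)))
    return dict(findings)


def constructed_events():
    """Synthetic telemetry shaped like the reported behaviour (constructed, not a capture)."""
    events, t = [], 0.0
    for i in range(60):  # pid 4242 renames 60 files in ~30 s, appending a suffix
        old = rf"C:\Users\victim\Documents\file{i}.docx"
        events.append({"ts": t, "pid": 4242, "image": "sample.exe", "op": "rename",
                       "path": old, "new_path": old + ".locked"})  # '.locked' is a placeholder
        t += 0.5
    for i in range(6):   # the same process writes the note into six directories
        events.append({"ts": t, "pid": 4242, "image": "sample.exe", "op": "create",
                       "path": rf"C:\Users\victim\dir{i}\{RANSOM_NOTE}", "new_path": None})
    for drive in ("D:", "E:"):  # and probes the roots of other drives
        events.append({"ts": t, "pid": 4242, "image": "sample.exe", "op": "read",
                       "path": drive + "\\", "new_path": None})
    # Benign noise: an extension change and an editor's temp-file rename must not trigger.
    events.append({"ts": t, "pid": 1111, "image": "explorer.exe", "op": "rename",
                   "path": r"C:\Users\victim\notes.txt", "new_path": r"C:\Users\victim\notes.md"})
    events.append({"ts": t, "pid": 2222, "image": "WINWORD.EXE", "op": "rename",
                   "path": r"C:\Users\victim\~WRD0001.tmp", "new_path": r"C:\Users\victim\report.docx"})
    return events


if __name__ == "__main__":
    for pid, hits in hunt(constructed_events()).items():
        print(pid, hits)
```

The rename check deliberately requires the original name to survive intact with a dot-suffix appended, which separates encryption-style renames from ordinary extension changes and editor save patterns; the burst window keeps a single large batch rename by a user from matching unless it is fast enough to look like automated encryption.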