General
Target: 2024-08-21_d2928a874344bd310125566d09f4ffcc_makop
Size: 42KB
Sample: 240821-bkkdnssgkf
MD5: d2928a874344bd310125566d09f4ffcc
SHA1: 41070cb3d688c30ca7b95957e48eaa577e8a027d
SHA256: f9dcdbe1929dd4606138f9c77b95c144acd4d711fd372f7bb075b8aa61a83b62
SHA512: 90a8f22346a1f08f91313f66f03cfd0da228b656f5a0dcd39db0497c300a5ad37e93a62ad78ed82aab0c2351c3e8af9f8923b9a10b06d527a0c6439c8a6b6629
SSDEEP: 768:cO1oR/dUVS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzDLNIUe61Akojk1q4:clgS1FKnDtkuImLqUe6h7
Behavioral task: behavioral1
Sample: 2024-08-21_d2928a874344bd310125566d09f4ffcc_makop.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2024-08-21_d2928a874344bd310125566d09f4ffcc_makop.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted from: C:\Users\Admin\AppData\Local\Temp\+README-WARNING+.txt
Targets
Target: 2024-08-21_d2928a874344bd310125566d09f4ffcc_makop
- Deletes shadow copies
  Ransomware deletes Volume Shadow Copies so that encrypted files cannot be restored from local snapshots, inhibiting system recovery.
- Renames multiple (8354) files with added filename extension
  Appending an extension to thousands of existing files is consistent with ransomware encrypting files across the whole system.
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
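The signatures above are the behaviours a SOC would hunt for after seeing this report. The following is an added example, not code from the report or the sandbox, that runs simple detection logic for four of them (shadow-copy deletion, mass renaming with an appended extension, wallpaper change via the registry, and self-deletion through cmd.exe) over a handful of constructed event records. The event field names are loosely modelled on Sysmon process-create, file-rename and registry-value-set events, and the rename threshold and the ".locked" suffix are assumptions, not values observed for this sample.

```python
"""Added example, not part of the sandbox report: toy detection logic for the
Makop behaviours listed above, run over constructed Windows event records.

Field names are loosely modelled on Sysmon process-create, file-rename and
registry-value-set events; the threshold and the ".locked" suffix are
assumptions, not values observed for this sample.
"""
import re
from collections import Counter

# Constructed sample events (not real telemetry from the sandbox run).
EVENTS = [
    {"type": "process", "parent": r"C:\Users\Admin\sample.exe",
     "cmdline": r"vssadmin.exe delete shadows /all /quiet"},
    {"type": "process", "parent": r"C:\Users\Admin\sample.exe",
     "cmdline": r"wmic shadowcopy delete"},
    {"type": "registry",
     "key": r"HKU\S-1-5-21-1\Control Panel\Desktop\Wallpaper",
     "value": r"C:\Users\Admin\AppData\Local\Temp\wallpaper.jpg"},
    # Typical self-deletion: the sample spawns cmd.exe, waits, then deletes its own image.
    {"type": "process", "parent": r"C:\Users\Admin\sample.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\Admin\sample.exe"'},
    # Benign rename that must not count towards the mass-rename signature.
    {"type": "rename", "old": r"C:\Users\Admin\notes.txt",
     "new": r"C:\Users\Admin\notes-old.txt"},
] + [
    {"type": "rename",
     "old": rf"C:\Users\Admin\Documents\file{i}.docx",
     "new": rf"C:\Users\Admin\Documents\file{i}.docx.locked"}   # assumed suffix
    for i in range(20)
]

SHADOW_DELETE = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"Win32_ShadowCopy.*\bDelete\b", re.I),   # WMI/PowerShell variant
]
WALLPAPER_VALUE = re.compile(r"\\Control Panel\\Desktop\\Wallpaper$", re.I)
# "del [/flags] <path>.exe" inside a cmd.exe command line, quoted or not
DEL_TARGET = re.compile(r'\bdel\b\s+(?:/\w\s+)*"?([^"&|]+?\.exe)"?', re.I)


def shadow_copy_deletions(events):
    """Command lines that remove Volume Shadow Copies (recovery inhibition)."""
    return [e["cmdline"] for e in events
            if e["type"] == "process"
            and any(p.search(e["cmdline"]) for p in SHADOW_DELETE)]


def appended_extension_renames(events, threshold=10):
    """Suffixes appended to at least `threshold` existing file names.

    A rename where the new path is the old path plus a suffix is exactly the
    'added filename extension' pattern the report counts; grouping by suffix
    also recovers the extension the ransomware uses.
    """
    counts = Counter()
    for e in events:
        if e["type"] != "rename":
            continue
        old, new = e["old"], e["new"]
        if new.startswith(old) and len(new) > len(old):
            counts[new[len(old):]] += 1
    return {suffix: n for suffix, n in counts.items() if n >= threshold}


def wallpaper_changes(events):
    """Registry writes to a user's Wallpaper value (the ransom-note wallpaper)."""
    return [(e["key"], e["value"]) for e in events
            if e["type"] == "registry" and WALLPAPER_VALUE.search(e["key"])]


def self_deletions(events):
    """cmd.exe 'del' commands whose target is the parent process's own image."""
    hits = []
    for e in events:
        if e["type"] != "process":
            continue
        m = DEL_TARGET.search(e["cmdline"])
        if m and m.group(1).strip().lower() == e.get("parent", "").lower():
            hits.append(e["parent"])
    return hits


def analyze(events):
    """Run all four checks and return their hits keyed by signature name."""
    return {
        "shadow_copy_deletion": shadow_copy_deletions(events),
        "mass_rename": appended_extension_renames(events),
        "wallpaper": wallpaper_changes(events),
        "self_deletion": self_deletions(events),
    }


if __name__ == "__main__":
    for name, hits in analyze(EVENTS).items():
        print(f"{name}: {hits}")
```

The mass-rename check deliberately keys on "new path equals old path plus a suffix" rather than on a known extension, so it also surfaces the extension a new ransomware family uses; the self-deletion check only fires when the deleted path matches the parent image, which keeps ordinary cleanup scripts out of the results.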
MITRE ATT&CK Enterprise v15
Defense Evasion
- Direct Volume Access (T1006): 1
- Indicator Removal (T1070): 3
- File Deletion (T1070.004): 3
- Modify Registry (T1112): 1