Extracted

• • Target

    2024-09-16_991ec1c9fb54f4e3033bc300941b9dc9_makop

  • Size

    42KB

  • MD5

    991ec1c9fb54f4e3033bc300941b9dc9

  • SHA1

    b0b4bb291ce9dfb9324d37e0dc8fbf1d16fc961e

  • SHA256

    427906c9063ebbc38eca3994bd081c3d218a8527c5066cca97d9dea09e29516e

  • SHA512

    00fbd919187624e16df55a4c6df975c205842c80b5008ff76d63e921044ad479acdbe13f3e2c88a6581a37717ca0f67e54907f70f24e539ae383e68a2543ab40

  • SSDEEP

    768:xu1oK+G3Vi1RzarwLc+D/CIJX+ZpFywgZuIOPzDjskYd5+BtwaIRQ:xGi1FaQD9duIm4tgBOaYQ

  Score

  10^/10

  defense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8305) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Deletes itself

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2