Behavioral task: behavioral1
Sample: 2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: 2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop.exe
Resource: win10v2004-20240802-en

General
Target: 2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop
Size: 48KB
MD5: d4b924a9d396ce143aac15ccb4be8041
SHA1: 30d8deaca70759fcb0159042c98a2ef41831edf1
SHA256: 585829269d87b4b63c3cc4c6d855c0077190c2ae888e1e52aad013e2f1eb652a
SHA512: 47b5a3149d4b32657975cabfb521a735535b7f5abb20b6392b582ddab4716314073b70aecc1fe887c7cf7211b43aba4f2977b9393e2ef9034a5d23b2ca76d388
SSDEEP: 768:K8Z+47PKmQjYz3KgZYakDroDDl1lUkGgQ7WJxXv7zDOY3zqlrKKMzkU5f8i3:K8KmQjo3nkHoF1YWP733z5f5f/

Malware Config
Signatures
MAKOP ransomware payload (1 IoCs)
resource: sample, yara_rule: family_makop
Makop family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: 2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop

Files
2024-10-02_d4b924a9d396ce143aac15ccb4be8041_makop.exe windows:4 windows x86 arch:x86
0bb467b35df4ef6b5b0656540e9b4a98
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetEnumResourceW
WNetOpenEnumW
WNetCloseEnum
kernel32
ReadFile
CreateFileW
GetFileSizeEx
MoveFileW
SetFileAttributesW
HeapAlloc
GetCurrentProcess
HeapFree
GetProcessHeap
GetVersion
GetProcAddress
LoadLibraryA
GetModuleHandleA
DuplicateHandle
SetFilePointerEx
OpenProcess
GetFileType
ExitProcess
GetCommandLineW
GetEnvironmentVariableW
CreateProcessW
CreatePipe
LocalFree
Process32NextW
CreateMutexA
CreateToolhelp32Snapshot
GetLocaleInfoW
GetModuleFileNameW
PeekNamedPipe
Process32FirstW
SetHandleInformation
GetTempPathW
GetTempFileNameW
CreateDirectoryW
WriteFile
Sleep
FindClose
GetLastError
GetFileAttributesW
GetLogicalDrives
WaitForSingleObject
CreateThread
GetVolumeInformationW
SetErrorMode
FindNextFileW
GetDriveTypeW
WaitForMultipleObjects
FindFirstFileW
TerminateProcess
DeleteCriticalSection
GetExitCodeProcess
LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
CloseHandle
GetCurrentProcessId
GetSystemWindowsDirectoryW
user32
wsprintfW
wsprintfA
GetShellWindow
SystemParametersInfoW
GetWindowThreadProcessId
GetDC
ReleaseDC
DrawTextA
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
SetBkMode
GetDIBits
SetTextColor
GetObjectW
CreateFontW
DeleteDC
GetDeviceCaps
advapi32
CryptGenRandom
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
DuplicateTokenEx
SetTokenInformation
GetTokenInformation
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
shell32
ord680
CommandLineToArgvW
SHGetSpecialFolderPathW
netapi32
NetApiBufferFree
NetGetJoinInformation
msimg32
GradientFill
Sections
.text Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE