General
-
Target
2024-10-05_76347e8108ecaf11c6eddfb4d49cb41c_makop
-
Size
49KB
-
Sample
241005-g8x8bsvbkf
-
MD5
76347e8108ecaf11c6eddfb4d49cb41c
-
SHA1
ca0fa39548515d258cf9dbf17f6bd85a14a8bbf6
-
SHA256
50901c4dce9b5674b68da3503240b62561af7d99d21ff30c8ec2f4977feb4485
-
SHA512
0ddb8975431a09d796986265868eab158cfd8f098c69c59edda184375fccce78d5e8501ad39d772432ba4492eb78ef890951888708f9433dc998abfb366073a3
-
SSDEEP
768:6aQRffhB31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YAD93o7mIAWGBrRT:6aw318HxZATvnsblYO94Ujq
Behavioral task
behavioral1
Sample
2024-10-05_76347e8108ecaf11c6eddfb4d49cb41c_makop.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-05_76347e8108ecaf11c6eddfb4d49cb41c_makop.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Temp\lpksetup\lpk-tmp-00000006\amd64_microsoft-windows-r..component.resources_31bf3856ad364e35_6.1.7601.17514_es-es_fd1238df55953dc8\+README-WARNING+.txt
Targets
-
Target
2024-10-05_76347e8108ecaf11c6eddfb4d49cb41c_makop
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (6575) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops file in System32 directory
-