Extracted

• • Target

    2024-10-07_048b493c1e9795a8d28a511d88b86f9e_makop

  • Size

    49KB

  • MD5

    048b493c1e9795a8d28a511d88b86f9e

  • SHA1

    d4ab7061b3de8a4ca9875e343ed04f128f1d6bff

  • SHA256

    4aace7fd7ba4c0eb24454f9bbf161499363ff34fc5c2eb81b982a25cfc0fdd27

  • SHA512

    d340f31d9dc148cc6127643c43b95360372f073cbc3b469307df54977c403ac13b42ad95b1035299a51cb296eef711d4ebd278a4348d394aac5ad52b65afb99a

  • SSDEEP

    768:uaQRffTB31aCytHLykiKPT3JATD2qBwV2ckjbnsb0Ah99De0YADI3w9L86s7D7dG:uaK318HxZATvnsblYOIR6s7DM

  Score

  10^/10

  defense_evasiondiscoveryexecutionimpactransomwarespywarestealer

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8352) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware
  behavioral1behavioral2