makop | 62f796350dae2c66d9505c47f29569410d520d1cf17e33ef2be5d0a2358fb094 | Triage

Sharing

General

Target

2024-10-16_2e727ff87d475ae3609cb6222b8dd2fc_makop
Size

42KB
Sample

241016-aq8g1sxhqp
MD5

2e727ff87d475ae3609cb6222b8dd2fc
SHA1

b751273e0a3eaa59babf79c554dc5ca8203682d3
SHA256

62f796350dae2c66d9505c47f29569410d520d1cf17e33ef2be5d0a2358fb094
SHA512

49fbdc668cd70d98333bddf33073c0640d97f029d413787db4b81443185e3bfe32af82c5ac91604fcb788ac7c7e37c16be6599ba4b5272d63a530a337db955fe
SSDEEP

768:AO1oR/v5VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzD5Hu85jWas3P5EzJWRB8:AnXS1FKnDtkuImr8as3qJWRB8

Score

10^/10

makop defense_evasion discovery execution impact ransomware spyware stealer

Malware Config

Targets

- Target
  
  2024-10-16_2e727ff87d475ae3609cb6222b8dd2fc_makop
- Size
  
  42KB
- MD5
  
  2e727ff87d475ae3609cb6222b8dd2fc
- SHA1
  
  b751273e0a3eaa59babf79c554dc5ca8203682d3
- SHA256
  
  62f796350dae2c66d9505c47f29569410d520d1cf17e33ef2be5d0a2358fb094
- SHA512
  
  49fbdc668cd70d98333bddf33073c0640d97f029d413787db4b81443185e3bfe32af82c5ac91604fcb788ac7c7e37c16be6599ba4b5272d63a530a337db955fe
- SSDEEP
  
  768:AO1oR/v5VS1RzK4wbs+D/SIJX+ZZ1SQQwZuIOPzD5Hu85jWas3P5EzJWRB8:AnXS1FKnDtkuImr8as3qJWRB8
Score

9^/10

defense_evasion discovery execution impact ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (8285) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionimpactransomwarespywarestealer

behavioral2

defense_evasiondiscoveryexecutionimpactransomware