General

  • Target

    2024-12-13_0f464fe6fb33396c435b797d16d4073c_makop

  • Size

    49KB

  • Sample

    241213-g89alaspap

  • MD5

    0f464fe6fb33396c435b797d16d4073c

  • SHA1

    67dceb30cca1dfdd136f439fb8c3813035549c8b

  • SHA256

    245d77ec0901975b12ac866614ffb4259e1d01d8284a6e9d1424e91c10e608fa

  • SHA512

    59826f5113848dc46f3228c3a17777840bb845783a1dfa7931ad710e7a72a930b7e14bd5c1ee6a0dd9d6c219ba4fe1427d0f7e45fb1d68aedd967a0b58f2e0f0

  • SSDEEP

    768:7AxPvDRD1ayCt3LSUS6QCA3KlRDsKeqRO8785F7HyFj6cBCE2fje0YADWQsMO30/:7CD183dAalnudHyFj6cBSfdYOOBYxYU

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\+README-WARNING+.txt

Ransom Note
YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets,sql. etc.)

Do you really want to restore your files? Write to email: [email protected]

Your personal ID is indicated in the names of the files and in the end of this message, before writing a message by email - indicate the name of the ID indicated in the files IN THE SUBJECT OF THE EMAIL

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

YOUR ID: 0C677A6E

Extracted

Path

C:\Program Files\Common Files\microsoft shared\ClickToRun\+README-WARNING+.txt

Ransom Note
YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets,sql. etc.)

Do you really want to restore your files? Write to email: [email protected]

Your personal ID is indicated in the names of the files and in the end of this message, before writing a message by email - indicate the name of the ID indicated in the files IN THE SUBJECT OF THE EMAIL

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

YOUR ID: 3E384DDC

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (2803) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks