Extracted

• • Target

    2025-01-23_09e4145752538b2ec9fe7f7cd815c3f6_makop

  • Size

    47KB

  • MD5

    09e4145752538b2ec9fe7f7cd815c3f6

  • SHA1

    b487a26d5b90134b24ca9f3712458aeec3c4f503

  • SHA256

    71bb84184879546b873b4c50c248d845983441ad0cd96529be6738f1d08e8271

  • SHA512

    ef982d17ee8816f886762c0e6a9fbb8a75b1159439b44fc4de41ced738d0700944e7a656114a34ca4369ed2301ad746c144edee7421181933ffae1b457cf6f73

  • SSDEEP

    768:TVOlQ16a1hs+meAxmQj3292Q62+cCfy6sXtPxGkZxZRlfIi34IkwNrFdSGjjxkm/:ToQ16IsJHmQjo62+cV9t9xZR553bNFd2

  Score

  10^/10

  makopdefense_evasiondiscoveryexecutionimpactransomwarespywarestealercredential_access

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Makop family

    makop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (8337) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Stops running service(s)

    defense_evasionexecution

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2