makop | 4d5368ea6488cedce01f8b2c1ed77e45d37dc2adf1ed0bada3932412bc0732f0 | Triage

Submit
Reports

Overview

overview

Static

static

2025-02-05...op.exe

windows7-x64

9

2025-02-05...op.exe

windows10-2004-x64

9

Sharing

General

Target

2025-02-05_f3f1c4b0746b99a513876f5c61e2ad47_makop
Size

49KB
Sample

250205-d6hs3sxmhy
MD5

f3f1c4b0746b99a513876f5c61e2ad47
SHA1

e9851fdcdbe37ed4d8fabedd02862e5fe1edea5a
SHA256

4d5368ea6488cedce01f8b2c1ed77e45d37dc2adf1ed0bada3932412bc0732f0
SHA512

b1105d997db5563464610fa29e5cf7769978188a70c137f305cbf12d189c3309cc5b8dcf5c5b3c270859e138533897920a1c6cdd1a20575b7b1a4f37731e4a73
SSDEEP

768:NAxPvARD1ayCt3LSUS6QCA3KlRDsKeqRO8785F7HyFj6cBCE2fje0YADpnsTqFoN:NnD183dAalnudHyFj6cBSfdYOJU5Xo

Score

10^/10

makop defense_evasion discovery execution impact ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2025-02-05_f3f1c4b0746b99a513876f5c61e2ad47_makop.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact ransomware spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

2025-02-05_f3f1c4b0746b99a513876f5c61e2ad47_makop.exe

Resource

win10v2004-20250129-en

defense_evasion discovery execution impact ransomware

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  2025-02-05_f3f1c4b0746b99a513876f5c61e2ad47_makop
- Size
  
  49KB
- MD5
  
  f3f1c4b0746b99a513876f5c61e2ad47
- SHA1
  
  e9851fdcdbe37ed4d8fabedd02862e5fe1edea5a
- SHA256
  
  4d5368ea6488cedce01f8b2c1ed77e45d37dc2adf1ed0bada3932412bc0732f0
- SHA512
  
  b1105d997db5563464610fa29e5cf7769978188a70c137f305cbf12d189c3309cc5b8dcf5c5b3c270859e138533897920a1c6cdd1a20575b7b1a4f37731e4a73
- SSDEEP
  
  768:NAxPvARD1ayCt3LSUS6QCA3KlRDsKeqRO8785F7HyFj6cBCE2fje0YADpnsTqFoN:NnD183dAalnudHyFj6cBSfdYOJU5Xo
Score

9^/10

defense_evasion discovery execution impact ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Renames multiple (8316) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes backup catalog
  Uses wbadmin.exe to inhibit system recovery.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

defense_evasiondiscoveryexecutionimpactransomwarespywarestealer

behavioral2

defense_evasiondiscoveryexecutionimpactransomware

© 2018-2025

Terms | Privacy