General
-
Target
2025-02-18_5c0eb83fc20cd39fd9b66310d91c9f8f_makop
-
Size
49KB
-
Sample
250218-psafbsznht
-
MD5
5c0eb83fc20cd39fd9b66310d91c9f8f
-
SHA1
8d0a53c54ea13b3bfe5b7e64b443f957b4b1b41a
-
SHA256
b9d15b25c5b1e16e0264cc2f0569fd3be50b5ebdc2a240eb3d831b46f71629a8
-
SHA512
6a6607e5e58a9aa678aa3fcc871a40418e6dc00f43f7041d46bfb87c8e64061713c0141ce2a72b8cbd0188c72cdf430b36807145ed27c4c8ac5d231f6dfc25e6
-
SSDEEP
768:iAxPvTRD1ayCt3LSUS6QCA3KlRDsKeqRO8785F7HyFj6cBCE2fje0YADPHvcVSa5:iqD183dAalnudHyFj6cBSfdYO3cVSag
Behavioral task
behavioral1
Sample
2025-02-18_5c0eb83fc20cd39fd9b66310d91c9f8f_makop.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2025-02-18_5c0eb83fc20cd39fd9b66310d91c9f8f_makop.exe
Resource
win10v2004-20250217-en
Malware Config
Targets
-
-
Target
2025-02-18_5c0eb83fc20cd39fd9b66310d91c9f8f_makop
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Renames multiple (2777) files with added filename extension
This suggests ransomware activity that encrypts all the files on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-