Extracted

• • Target

    2025-03-21_5c48b93df8207e404318b292bfe910d1_makop

  • Size

    47KB

  • MD5

    5c48b93df8207e404318b292bfe910d1

  • SHA1

    66bb4b52371c32b8015eea3b136816bdb221cd93

  • SHA256

    9b0c1a34ff866490ee3db6e61fde2b97173dd95d02ba4fdceeacbe3e9441ee3c

  • SHA512

    7a2020a613ec2aaee5332f1485837d55b593b9cc6b2db3db8c7c1e7b37ff496d378c2143d9c47ca7a89d63f7b8b1f5f3cb12d3dcc1668f8697090714ff07e98d

  • SSDEEP

    768:YgqXOpw0VIWzh+1mQjPW+yHdykGlsxxGfnk70R6iOw4SbzxClJADVDwkvDx5TSBH:YvOpwmZUmQjCHdmKKR6iuoClJADVDrx6

  Score

  10^/10

  discoverymakopcredential_accessdefense_evasionexecutionimpactransomwarespywarestealer

  • Makop

    Ransomware family discovered by @VK_Intel in early 2020.

    ransomwaremakop

  • Makop family

    makop

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Renames multiple (9231) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Deletes backup catalog

    Uses wbadmin.exe to inhibit system recovery.

    ransomware

  • Stops running service(s)

    defense_evasionexecution

  • Credentials from Password Stores: Windows Credential Manager

    Suspicious access to Credentials History.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  behavioral1behavioral2