MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 03b5ff330cca623ed119cd2a77b2a142bc38f2a8a3a6e714793fe20f7b0c4051. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Makop


Vendor detections: 5



SHA256 hash: 03b5ff330cca623ed119cd2a77b2a142bc38f2a8a3a6e714793fe20f7b0c4051
SHA3-384 hash: 8a93619b3c4a80ee64daf423c21bbcf17f1a1f49ac5362caeda1c5e90ebdccec5fe84a9343f54d352ebbf81e32db94b9
SHA1 hash: 0867abf844576d906f05eefc1c32046be5e83b8e
MD5 hash: d338decc4c2d3d093a12740e444286c4
humanhash: timing-arkansas-cola-sodium
File name: 03b5ff330cca623ed119cd2a77b2a142bc38f2a8a3a6e714793fe20f7b0c4051
Signature Makop
File size: 225'280 bytes
First seen: 2020-07-08 10:29:10 UTC
Last seen: 2020-07-08 11:51:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 881955d145f98217a3760bf715e0e992 (4 x Makop)
ssdeep 3072:ES6pzeyKBiVr4BNnBNkhu/mN0dP25KR0bcbnl0jlMJFhP:mpzXK8gfRTdP2/2ltP
TLSH C2249E12B6A08572E6A749348C7DDEA0167FFC95C3D019C737A82A2E3E721D1053B66F
Reporter JAMESWT_WT
Tags:makop Ransomware
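Before analysing a downloaded copy, confirm it is the file this entry describes. The Python below is an added example, not MalwareBazaar's own code: it recomputes the digests the standard library can produce (SHA256, SHA3-384, SHA1, MD5), checks the file size, and checks for the DOS "MZ" header that the application/x-dosexec MIME type implies, then reports which fields disagree with the values listed above. ssdeep, TLSH and imphash need third-party libraries (ssdeep, py-tlsh, pefile) and are left out. The script name and the bytes used in the test are constructed stand-ins, not the sample.

```python
import hashlib
import sys

# Values copied from the MalwareBazaar entry above.
BAZAAR_EXPECTED = {
    "sha256": "03b5ff330cca623ed119cd2a77b2a142bc38f2a8a3a6e714793fe20f7b0c4051",
    "sha3_384": "8a93619b3c4a80ee64daf423c21bbcf17f1a1f49ac5362caeda1c5e90ebdccec5fe84a9343f54d352ebbf81e32db94b9",
    "sha1": "0867abf844576d906f05eefc1c32046be5e83b8e",
    "md5": "d338decc4c2d3d093a12740e444286c4",
    "size": 225280,
}


def compute_fingerprint(data: bytes) -> dict:
    """Digests and basic structural facts of an in-memory file."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
        # application/x-dosexec files start with the DOS "MZ" stub.
        "is_mz": data[:2] == b"MZ",
    }


def verify_sample(data: bytes, expected: dict = BAZAAR_EXPECTED) -> list:
    """Return the names of fields that disagree with `expected`.

    An empty list means every listed value matched and the file carries an MZ header.
    """
    got = compute_fingerprint(data)
    mismatches = [name for name, value in expected.items() if got.get(name) != value]
    if not got["is_mz"]:
        mismatches.append("mz_header")
    return mismatches


if __name__ == "__main__":
    # Usage: python verify_sample.py <downloaded file>
    # MalwareBazaar serves samples inside password-protected zip archives; unpack them
    # in an isolated analysis VM before running this.
    with open(sys.argv[1], "rb") as fh:
        bad = verify_sample(fh.read())
    print("match" if not bad else "MISMATCH: " + ", ".join(bad))
```

A mismatch on any digest means you are not looking at the file the vendor verdicts below refer to; a size match with a digest mismatch is the classic sign of a trivially patched variant rather than a corrupt download.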

Intelligence


File Origin
# of uploads: 2
# of downloads: 222
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a service
Launching cmd.exe command interpreter
Creating a process with a hidden window
Launching a process
Creating a file in the Windows subdirectories
Creating a window
Changing a file
Behavior that indicates a threat
Creating a file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Deleting volume shadow copies
Creating a file in the mass storage device
Unauthorized injection to a system process
Threat name: Win32.Ransomware.Phobos
Status: Malicious
First seen: 2020-07-08 10:31:04 UTC
File Type: PE (Exe)
Extracted files: 46
AV detection: 44 of 48 (91.67%)
Threat level: 5/5
Verdict: unknown
Result
Malware family:
Score: 10/10
Tags: ransomware persistence family:makop spyware evasion trojan
Behaviour
Suspicious use of AdjustPrivilegeToken
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Modifies service
Modifies system certificate store
Legitimate hosting services abused for malware hosting/C2
Adds Run entry to start application
Reads user/profile data of web browsers
Deletes backup catalog
Deletes system backup catalog
Deletes shadow copies
Makop
Please note that we are no longer able to provide a coverage score for Virus Total.
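The two behaviour lists above (volume shadow copy deletion, backup catalog deletion, a Run-key autorun entry, cmd.exe launched from the sample) are the pre-encryption steps a detection engineer alerts on. The Python below is an added example, not the sandbox's or MalwareBazaar's logic: it runs command-line rules over process-creation records and groups hits by parent process, so several individually noisy signals from one parent become one strong one. The specific commands matched (vssadmin, wmic shadowcopy, wbadmin, reg add) are the usual way these behaviours appear on Windows and are an assumption; they were not recovered from this sample. The pipe-delimited record format and the log lines are constructed for the example.

```python
import re
from dataclasses import dataclass

# Command-line patterns for the behaviours the sandbox reports above. Assumption: these
# are the common Windows commands behind each behaviour, not commands recovered from
# this sample.
RULES = {
    "shadow_copy_deletion": re.compile(
        r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    "backup_catalog_deletion": re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    "run_key_persistence": re.compile(
        r'reg(\.exe)?\s+add\s+"?HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run', re.I),
}

# Constructed process-creation records (time|image|parent image|command line).
# These are not sandbox output; the paths and timestamps are made up.
SAMPLE_LOG = r"""
2020-07-08T10:31:12Z|C:\Windows\System32\cmd.exe|C:\Users\victim\AppData\Local\Temp\sample.exe|cmd.exe /c vssadmin delete shadows /all /quiet
2020-07-08T10:31:12Z|C:\Windows\System32\cmd.exe|C:\Users\victim\AppData\Local\Temp\sample.exe|cmd.exe /c wbadmin delete catalog -quiet
2020-07-08T10:31:13Z|C:\Windows\System32\reg.exe|C:\Users\victim\AppData\Local\Temp\sample.exe|reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v svc /t REG_SZ /d C:\Users\victim\AppData\Local\Temp\sample.exe
2020-07-08T10:35:00Z|C:\Windows\System32\cmd.exe|C:\Windows\explorer.exe|cmd.exe /c dir
"""


@dataclass
class ProcEvent:
    time: str
    image: str
    parent: str
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    """Parse one pipe-delimited record; the command line may itself contain no pipes here."""
    time, image, parent, cmdline = line.split("|", 3)
    return ProcEvent(time, image, parent, cmdline)


def detect(log_text: str) -> dict:
    """Map each parent image to the sorted behaviour categories its children triggered."""
    hits = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        for name, pattern in RULES.items():
            if pattern.search(ev.cmdline):
                hits.setdefault(ev.parent, set()).add(name)
    return {parent: sorted(names) for parent, names in hits.items()}


def triage(log_text: str, threshold: int = 2) -> dict:
    """Severity per parent process.

    Assumption: a single category on its own is often administrative noise (a backup
    job legitimately purges old shadow copies), while `threshold` or more distinct
    categories under the same parent is treated as ransomware preparation.
    """
    return {parent: ("high" if len(names) >= threshold else "low")
            for parent, names in detect(log_text).items()}


if __name__ == "__main__":
    severity = triage(SAMPLE_LOG)
    for parent, names in detect(SAMPLE_LOG).items():
        print(f"{severity[parent]:4} {parent}: {', '.join(names)}")
```

Grouping by parent rather than alerting per command is the point: the explorer.exe-spawned `cmd.exe /c dir` never matches, and a lone shadow-copy purge scores low, while the three distinct behaviours under the dropped executable score high together.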

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments