clop

General

Target

ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29
Size

100KB
Sample

201014-vhgwt22z9s
MD5

974d2bbdfb2b3c3a84334358ad648c28
SHA1

57a52a49a6b47b990d3a51f4753da9d9b34718e2
SHA256

ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29
SHA512

6862ce37e714dfe4ea97690e2e7b6c81c6775e7a32139e6c7b39633e90a336ca93de5d6d633efa3bc35fd956dfe80e08691e1881bcb9b535207d8452cac148c0

Score

10^/10

clop ransomware

Malware Config

Extracted

Path

C:\ClopReadMe.txt

Family

clop

Ransom Note

Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly. If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files (Less than 5 Mb each, non-archived and your files should not contain valuable information (Databases, backups, large excel sheets, etc.)). You will receive decrypted samples and our conditions how to get the decoder. Attention!!! Your warranty - decrypted samples. Do not rename encrypted files. Do not try to decrypt your data using third party software. We don`t need your files and your information. But after 2 weeks all your files and keys will be deleted automatically. Contact emails: [email protected] or [email protected] The final price depends on how fast you write to us. Clop

Emails

[email protected]

Targets

- Target
  
  ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29
- Size
  
  100KB
- MD5
  
  974d2bbdfb2b3c3a84334358ad648c28
- SHA1
  
  57a52a49a6b47b990d3a51f4753da9d9b34718e2
- SHA256
  
  ee83fd9b8368bd4d2cdbebdccfdb41373c3c490d9c5b8d17530990e084131f29
- SHA512
  
  6862ce37e714dfe4ea97690e2e7b6c81c6775e7a32139e6c7b39633e90a336ca93de5d6d633efa3bc35fd956dfe80e08691e1881bcb9b535207d8452cac148c0
Score

10^/10

ransomware clop
- Clop
  Ransomware discovered in early 2019 which has been actively developed since release.
  ransomware clop
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies extensions of user files

Drops desktop.ini file(s)

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2