Extracted

• • Target

    c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed

  • Size

    100KB

  • MD5

    bb0a17a7e856d61bd43c62a822d96b07

  • SHA1

    aca43b3ca96ca6c80219d9e4ed8d498001313c5e

  • SHA256

    c7e52cc6f1f659ec5d30473e89b7136216de5fbe53ec77a62f1a486d8ffe78ed

  • SHA512

    8ee7b45476d3efdfdf3161c474c347b39a954ae04042f8f9b5a0a2db7291982a253c924d0668d942c253fd7c25fda7a3270cfaacd00de2a960d8065bb5c01f77

  Score

  10^/10

  clopransomwarepersistence

  • Clop

    Ransomware discovered in early 2019 which has been actively developed since release.

    ransomwareclop

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Sets service image path in registry

    persistence

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2