Static task: static1
Behavioral task: behavioral1
  Sample: 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
  Resource: win10v2004-20220414-en
General
  Target: 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.bin
  Size: 112KB
  MD5: 19b0c716f3f86bb852cfcf2507126c1d
  SHA1: 4c3ec46cdc8ba7e18b8e37b4396ddf0219058b9a
  SHA256: 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c
  SHA512: 2e7ac4158886577016467d8ce3906310c1a9d740fcbbc744b27f986aef67e3002c6f4ac3291c249d6095c8d57d5ce6df8a735471a46ead9ab346eced08f389e9
  SSDEEP: 3072:Me+AWHmhCmRcjx2ScawbA3CtFmRwxHPnEH7:Me9hKUoq8KJnEH7
Malware Config
Signatures
  Clop family
  Detects Clop Payload (1 IoC)
    Processes: resource=sample, yara_rule=family_clop
Files
  220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.bin.exe (windows, x86)
  f33c7aaba5188ab257bafef74b9ebf68
Headers
  DLL Characteristics: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
  File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcpyA
GlobalFree
CloseHandle
CreateThread
MoveFileExW
lstrcpyW
CreateFileMappingW
MapViewOfFile
lstrcmpW
GetShortPathNameA
GetModuleFileNameA
BeginUpdateResourceA
EraseTape
FindFirstVolumeW
GetProfileSectionW
GetCurrentProcess
lstrlenW
CancelDeviceWakeupRequest
TerminateProcess
GlobalUnWire
GetConsoleTitleW
EnumResourceNamesW
CreateMutexW
OpenFile
GetEnvironmentVariableA
EnumSystemCodePagesW
CancelThreadpoolIo
GlobalDeleteAtom
QueryMemoryResourceNotification
GetACP
OpenProcess
FindFirstVolumeMountPointA
FindActCtxSectionStringA
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetLastError
GetConsoleAliasesLengthW
Process32NextW
CreateFileA
SetEvent
DefineDosDeviceA
DeleteFileW
GetCurrentThread
GetSystemDirectoryA
Process32FirstW
GlobalFindAtomW
QueueUserAPC
LocalSize
FindAtomA
ExitProcess
FreeLibrary
GetSystemTime
GlobalUnlock
GetDriveTypeW
FindFirstFileTransactedA
CreateTimerQueue
SizeofResource
GetCurrentDirectoryA
LockResource
LoadResource
FindResourceW
GetModuleHandleW
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GlobalAlloc
ReadFile
lstrcatW
GetFileType
SetStdHandle
OutputDebugStringW
SetFileAttributesW
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
SetFilePointer
SetErrorMode
VirtualAlloc
LCMapStringW
WriteFile
FindNextFileW
VirtualFree
FindFirstFileW
GetSystemFileCacheSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
HeapFree
HeapAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
user32
GetWindowTextW
wsprintfW
GetDC
EqualRect
wsprintfA
DestroyIcon
GetKeyboardLayout
EnumWindows
CharUpperBuffW
GetDesktopWindow
GetLastActivePopup
gdi32
CreateDIBPatternBrush
GetTextCharset
winspool.drv
OpenPrinterA
advapi32
RegisterServiceCtrlHandlerW
CryptGenKey
CryptExportKey
CryptEncrypt
CryptAcquireContextW
SetServiceStatus
CryptReleaseContext
StartServiceCtrlDispatcherW
CryptDestroyKey
shell32
SHGetSpecialFolderPathW
ShellExecuteA
shlwapi
StrStrW
crypt32
CryptStringToBinaryA
CryptImportPublicKeyInfoEx
CryptDecodeObjectEx
mpr
WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum
Sections
  .text: size 55KB, virtual size 55KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata: size 29KB, virtual size 28KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data: size 2KB, virtual size 4KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .gfids: size 512B, virtual size 172B; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .rsrc: size 15KB, virtual size 14KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .reloc: size 5KB, virtual size 4KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ