Resubmissions

01-08-2022 08:17

220801-j625lsfeck 10

05-07-2022 14:57

220705-sby9xaccb4 10

05-07-2022 14:36

220705-ryptbacah4 10

26-07-2021 12:57

210726-wxmw2p8876 10

General

  • Target

    d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.sample

  • Size

    235KB

  • Sample

    220801-j625lsfeck

  • MD5

    c41a0e1ddeb85b6326a3dc403a5fd0fa

  • SHA1

    3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa

  • SHA256

    d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9

  • SHA512

    2e380295fe24b54e04699a43f4b124501f4b25ca356857b7a137718f1904dd60c3d7f40cea11063acbf15f5db85712d94a4572b8729d7cdc20ae9de9ace1882a

Score
10/10

Malware Config

Extracted

Path

C:\ClopReadMe.txt

Family

clop

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly. If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files (Less than 5 Mb each, non-archived and your files should not contain valuable information (Databases, backups, large excel sheets, etc.)). You will receive decrypted samples and our conditions how to get the decoder. Attention!!! Your warranty - decrypted samples. Do not rename encrypted files. Do not try to decrypt your data using third party software. We don`t need your files and your information. But after 2 weeks all your files and keys will be deleted automatically. Contact emails: [email protected] or [email protected] The final price depends on how fast you write to us. Clop

Targets

    • Target

      d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9.sample

    • Size

      235KB

    • MD5

      c41a0e1ddeb85b6326a3dc403a5fd0fa

    • SHA1

      3c8e60ce5ff0cb21be39d1176d1056f9ef9438fa

    • SHA256

      d0cde86d47219e9c56b717f55dcdb01b0566344c13aa671613598cab427345b9

    • SHA512

      2e380295fe24b54e04699a43f4b124501f4b25ca356857b7a137718f1904dd60c3d7f40cea11063acbf15f5db85712d94a4572b8729d7cdc20ae9de9ace1882a

    Score
    10/10
    • Clop

      Ransomware discovered in early 2019 which has been actively developed since release.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks