General

  • Target

    6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93

  • Size

    451KB

  • Sample

    221122-awx88sgd6w

  • MD5

    07bc722817c1aaaaf06a7a7f2429b7be

  • SHA1

    fbd06cab5fd64a2095b2a0c8b559da0dbc0d98c7

  • SHA256

    6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93

  • SHA512

    5bf8f877022900eef17fda1ed3b5bd2d9b5939186f44e291bf53b751692f57f6138561eb90ec27bbbfb470baba6dd2b6713b79aa671cb7dc99a37d04725ce391

  • SSDEEP

    12288:pK2mhAMJ/cPlFjVqrZAcxGBu/WLQDoGj9ZIk:I2O/GlFjYAIGBu+LQ8eL

Targets

    • Target

      6ffd4041aaa0e8d138a2876f4bf9046772583f60a024bc9e8bcb6b20963d1e93

    • Clop

      Ransomware discovered in early 2019 which has been actively developed since release.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Adds Run key to start application
