clop | 21e262c37c19c17c206a75c6f19e971a72eb28255dc033036aedf5d92069d9a5

Sharing

Copy URL

Twitter E-mail

General

Target

21e262c37c19c17c206a75c6f19e971a72eb28255dc033036aedf5d92069d9a5
Size

3.0MB
MD5

c6443f06c18f6a1ffabe0edd08f30426
SHA1

2b910acdc710f971a6278fcfb94ebaa0147622c5
SHA256

21e262c37c19c17c206a75c6f19e971a72eb28255dc033036aedf5d92069d9a5
SHA512

6922f1952653e1a1f1483da74c0d906e0a1e51cfada015574fd25c8ceb31eae19732995acfe2cc2c8fc8d0976f26a1728a83e911c3bffe4e23667980276e8693
SSDEEP

49152:sAEn/8BIGovP2WS9bPa9tYisFPXQku/ZX4L36Q83goykn90t80:sDn/8B3oX2WSdPkY+XZIL36QagoRnWt

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop

Detects Clop payload 1 IoCs

resource	yara_rule
sample	family_clop

Files

21e262c37c19c17c206a75c6f19e971a72eb28255dc033036aedf5d92069d9a5
.exe windows x86

1c97abdb2c724bd60fb2cdd4b2b32304

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
CreateDirectoryW
DefineDosDeviceW
DeleteFileA
FindFirstChangeNotificationW
FindFirstVolumeW
GetDriveTypeW
GetFileAttributesExW
GetFullPathNameA
GetLogicalDrives
LockFile
UnlockFileEx
GetTempPathW
AreFileApisANSI
FindNextFileNameW
SetFileApisToOEM
SetFileApisToANSI
IsDebuggerPresent
OutputDebugStringW
DecodeSystemPointer
GetErrorMode
GetThreadErrorMode
FlsGetValue
IsThreadAFiber
HeapAlloc
HeapFree
GetProcessHeap
HeapCompact
HeapValidate
GetQueuedCompletionStatusEx
CancelIo
AcquireSRWLockExclusive
SetEvent
CreateMutexA
CreateEventW
CreateWaitableTimerExW
Sleep
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
ExitProcess
TerminateProcess
SwitchToThread
GetCurrentThread
GetCurrentThreadId
SuspendThread
TlsAlloc
CreateProcessW
SetPriorityClass
FlushProcessWriteBuffers
FlushInstructionCache
OpenProcess
GetCurrentProcessorNumber
GetSystemTimes
GetVersion
GetTickCount64
GetSystemDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
GetComputerNameExA
GetNativeSystemInfo
VirtualFreeEx
GetLargePageMinimum
AllocateUserPhysicalPages
CreateTimerQueue
CreateThreadpoolCleanupGroup
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
DisableThreadLibraryCalls
FindResourceExW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
LoadLibraryW
QueryIdleProcessorCycleTime
GlobalHandle
GlobalMemoryStatus
LocalShrink
GetProcessAffinityMask
FatalExit
ConvertFiberToThread
IsSystemResumeAutomatic
GlobalDeleteAtom
GetSystemDEPPolicy
FileTimeToDosDateTime
CreateMailslotA
lstrcmpiW
lstrlenA
lstrlenW
OpenFileMappingA
GetCommandLineA
GlobalFindAtomW
AddAtomW
WriteProfileSectionA
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileStringA
WritePrivateProfileStringW
CreateDirectoryExA
UnmapViewOfFile
DeleteFileTransactedW
CopyFileW
MoveFileW
IsBadReadPtr
BuildCommDCBAndTimeoutsW
GetComputerNameW
FileTimeToSystemTime
OpenJobObjectA
CreateActCtxA
AddRefActCtx
WTSGetActiveConsoleSessionId
GetActiveProcessorGroupCount
GetMaximumProcessorGroupCount
UnregisterApplicationRecoveryCallback
UnregisterApplicationRestart
OpenFileById
CreateSymbolicLinkW
GetACP
GetOEMCP
IsDBCSLeadByte
LCIDToLocaleName
GetNumberFormatW
EnumCalendarInfoExA
EnumDateFormatsExA
GetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
GetSystemDefaultLCID
GetUserDefaultLCID
GetThreadUILanguage
GetStringTypeA
EnumLanguageGroupLocalesW
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputCharacterW
GetConsoleFontSize
FreeConsole
GetConsoleOriginalTitleW
GetConsoleCP
GetConsoleOutputCP
GetConsoleWindow
GetConsoleAliasesLengthA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleW
LoadResource
LockResource
SizeofResource
FindResourceW
WriteConsoleW
SetFilePointerEx
SetEndOfFile
FlushFileBuffers
ReadConsoleW
GetConsoleMode
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetEnvironmentStringsW
lstrcatW
lstrcpyW
lstrcpyA
GlobalFree
GlobalUnlock
GlobalLock
GetStartupInfoA
GlobalAlloc
MapViewOfFile
CreateFileMappingW
VirtualFree
VirtualAlloc
GetTickCount
ExitThread
CreateThread
WaitForSingleObject
SetErrorMode
GetLastError
CloseHandle
WriteFile
SetFilePointer
SetFileAttributesW
ReadFile
FindNextFileW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
RaiseException
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
FindFirstFileW
FindClose
ReOpenFile
CreateFileW
GetStartupInfoW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer

user32

SwapMouseButton
GetNextDlgGroupItem
CloseClipboard
EnumClipboardFormats
CharUpperW
CharUpperBuffW
CharNextA
CharPrevA
IsCharAlphaNumericW
GetFocus
GetKeyNameTextW
wsprintfW
IsClipboardFormatAvailable
TranslateMDISysAccel
DefFrameProcW
LoadCursorW
FindWindowW
FindWindowA
GetDesktopWindow
FillRect
ScrollWindow
GetForegroundWindow
UpdateWindow
TrackPopupMenu
AppendMenuW
GetKeyboardType

gdi32

GetSystemPaletteEntries
GetMetaFileW
GetDIBits
GetCharWidthW
Escape
CreatePatternBrush
CreateBrushIndirect
PaintRgn

advapi32

RegUnLoadKeyA
CreateProcessAsUserW
OpenProcessToken
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptAcquireContextW
RegLoadMUIStringW
CryptEncrypt
RegNotifyChangeKeyValue
RegDisablePredefinedCacheEx
LookupAccountSidW
RevertToSelf
GetTokenInformation
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize

oleaut32

VariantClear
SysAllocString
VariantInit

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptImportPublicKeyInfo
CryptDecodeObjectEx
CryptStringToBinaryA

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSEnumerateSessionsW
WTSQuerySessionInformationW
WTSQueryUserToken
WTSFreeMemory

rstrtmgr

RmStartSession
RmGetList
RmRegisterResources
RmEndSession
RmRestart
RmShutdown

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 302KB - Virtual size: 302KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c97abdb2c724bd60fb2cdd4b2b32304

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 3KB - Virtual size: 13KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 73KB - Virtual size: 73KB

.reloc Size: 302KB - Virtual size: 302KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 13KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 73KB - Virtual size: 73KB

.reloc
Size: 302KB - Virtual size: 302KB