clop | 220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.zip
Size

55KB
MD5

63eac13950a3e83e48d5b8453058d373
SHA1

7189d074191f34e817d49a6bbd6c848552e215ba
SHA256

2d84c5c2da15108fe2ca5f5694d8f4612d5a507ebf4b7b2d471871f0fa8d2cca
SHA512

55c44ea2baff7f3b3d4f7b398b22e4aa56f1983c846a19aa170c68f6908f02a387c0a44bfb840a072962b37310a394029478de6838c72b2536f49d71c2283a7f
SSDEEP

1536:kBjaZQGLTVyr0RdAzI0cEALnKWV+VT8fxb:k1aZQGLTE0ozI0cIs+WV

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop

Detects Clop payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe	family_clop

Files

220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.zip
.zip

Password: infected
220c50ccf6a9d9727e9f442df42469f027d9f7a2ea833319971746280023bb0c.exe
.exe windows x86

Password: infected

f33c7aaba5188ab257bafef74b9ebf68

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpyA
GlobalFree
CloseHandle
CreateThread
MoveFileExW
lstrcpyW
CreateFileMappingW
MapViewOfFile
lstrcmpW
GetShortPathNameA
GetModuleFileNameA
BeginUpdateResourceA
EraseTape
FindFirstVolumeW
GetProfileSectionW
GetCurrentProcess
lstrlenW
CancelDeviceWakeupRequest
TerminateProcess
GlobalUnWire
GetConsoleTitleW
EnumResourceNamesW
CreateMutexW
OpenFile
GetEnvironmentVariableA
EnumSystemCodePagesW
CancelThreadpoolIo
GlobalDeleteAtom
QueryMemoryResourceNotification
GetACP
OpenProcess
FindFirstVolumeMountPointA
FindActCtxSectionStringA
CreateToolhelp32Snapshot
CreateEventW
Sleep
GetLastError
GetConsoleAliasesLengthW
Process32NextW
CreateFileA
SetEvent
DefineDosDeviceA
DeleteFileW
GetCurrentThread
GetSystemDirectoryA
Process32FirstW
GlobalFindAtomW
QueueUserAPC
LocalSize
FindAtomA
ExitProcess
FreeLibrary
GetSystemTime
GlobalUnlock
GetDriveTypeW
FindFirstFileTransactedA
CreateTimerQueue
SizeofResource
GetCurrentDirectoryA
LockResource
LoadResource
FindResourceW
GetModuleHandleW
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GlobalAlloc
ReadFile
lstrcatW
GetFileType
SetStdHandle
OutputDebugStringW
SetFileAttributesW
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
SetFilePointer
SetErrorMode
VirtualAlloc
LCMapStringW
WriteFile
FindNextFileW
VirtualFree
FindFirstFileW
GetSystemFileCacheSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
LoadLibraryExW
GetStdHandle
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
HeapFree
HeapAlloc
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException

user32

GetWindowTextW
wsprintfW
GetDC
EqualRect
wsprintfA
DestroyIcon
GetKeyboardLayout
EnumWindows
CharUpperBuffW
GetDesktopWindow
GetLastActivePopup

gdi32

CreateDIBPatternBrush
GetTextCharset

winspool.drv

OpenPrinterA

advapi32

RegisterServiceCtrlHandlerW
CryptGenKey
CryptExportKey
CryptEncrypt
CryptAcquireContextW
SetServiceStatus
CryptReleaseContext
StartServiceCtrlDispatcherW
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
ShellExecuteA

shlwapi

StrStrW

crypt32

CryptStringToBinaryA
CryptImportPublicKeyInfoEx
CryptDecodeObjectEx

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

f33c7aaba5188ab257bafef74b9ebf68

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

crypt32

mpr

Sections

.text Size: 55KB - Virtual size: 55KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 55KB - Virtual size: 55KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 5KB - Virtual size: 4KB