clop | 343cb2d5900f5fe4abd5442a4a18541753fbb6ca5ff4ee7f2c312ed96e413335[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

343cb2d5900f5fe4abd5442a4a18541753fbb6ca5ff4ee7f2c312ed96e413335.exe
Size

1.0MB
MD5

1e98a8d79ed7afbd77f6536dd7b4398f
SHA1

a074790705ecbede2e67cced4bcb62d833d828a5
SHA256

343cb2d5900f5fe4abd5442a4a18541753fbb6ca5ff4ee7f2c312ed96e413335
SHA512

8bebdba0fdabfcff0b26dafc3b1a71ec50ba0e551bb8a3a82f91c91a1cdc09b6dfe87373c7966c01777265143a32d34bb760e9d4d9e968e3820f5370d95c99f5
SSDEEP

24576:xnuZd8go15167wsK3IPDvN1vDgvRE2qQWhZyWsshlrN36Fl09YSO/k:5kd8goP1CwsSIjTvDg5E2qBhfssTrN3L

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop
Detects Clop payload 1 IoCs

Processes:

resource yara_rule

sample family_clop

resource	yara_rule
sample	family_clop

Files

343cb2d5900f5fe4abd5442a4a18541753fbb6ca5ff4ee7f2c312ed96e413335.exe
.exe windows x86

abce2ca0bead1aaef1e5e2c4297d86bd

Code Sign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-01-2004 00:00

Not After

31-12-2028 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:f5:29:32:de:5d:0e:49:67:b7:16:96:d4:ac:7e:97
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

25-01-2022 00:00

Not After

25-01-2023 23:59

Subject

CN=VANTUN SRL,O=VANTUN SRL,ST=Dolj,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

df:3b:95:9f:cd:9e:9f:71:39:c9:65:67:f2:8a:3a:12:3c:d2:9f:78
Signer

Actual PE Digest

df:3b:95:9f:cd:9e:9f:71:39:c9:65:67:f2:8a:3a:12:3c:d2:9f:78

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=VANTUN SRL,O=VANTUN SRL,ST=Dolj,C=RO

28-12-2022 05:42
Valid: true

Chain 1

CN=VANTUN SRL,O=VANTUN SRL,ST=Dolj,C=RO

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EraseTape
GetSystemDefaultLCID
CreateNamedPipeA
HeapFree
SetPriorityClass
FindFirstFileNameW
GetCommandLineW
EnumCalendarInfoExEx
IsDBCSLeadByteEx
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
EnumResourceTypesW
CreateFileMappingNumaW
GetFileBandwidthReservation
GetSystemDefaultUILanguage
GetShortPathNameW
TerminateProcess
GetUserDefaultLangID
GetModuleFileNameW
GetSystemTimes
GetConsoleCP
GetThreadLocale
GlobalUnWire
GetCompressedFileSizeTransactedW
DeleteFileTransactedA
LocalHandle
GetProcessId
EnumResourceNamesA
GetUserDefaultUILanguage
FindNextFileA
DeleteAtom
Wow64GetThreadContext
GetQueuedCompletionStatus
GetFullPathNameA
GetCompressedFileSizeW
FlushProcessWriteBuffers
PeekNamedPipe
GetLargePageMinimum
lstrlenA
CreateMutexA
LocalAlloc
GetFileAttributesW
GetCurrentThreadId
GetPrivateProfileSectionNamesW
UnregisterApplicationRecoveryCallback
IsSystemResumeAutomatic
GetCurrentDirectoryA
GlobalDeleteAtom
QueryMemoryResourceNotification
OpenSemaphoreA
GetAtomNameW
lstrcatA
GetStringScripts
GetSystemDefaultLangID
GetACP
OpenProcess
GetVersion
_lopen
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
QueryActCtxW
Sleep
EnumUILanguagesA
GlobalAddAtomA
GetTickCount64
GetLargestConsoleWindowSize
GetFileAttributesA
TzSpecificLocalTimeToSystemTime
ZombifyActCtx
Process32NextW
GetMaximumProcessorGroupCount
ConvertDefaultLocale
FlushViewOfFile
GetThreadUILanguage
GetUserDefaultLCID
SetEvent
DefineDosDeviceA
GetDiskFreeSpaceExW
GetCurrentThread
TerminateThread
GetActiveProcessorGroupCount
FindCloseChangeNotification
GetProfileIntA
LoadLibraryA
TlsAlloc
GetSystemDEPPolicy
Process32FirstW
HeapReAlloc
AddConsoleAliasA
CreateThreadpoolCleanupGroup
CompareStringEx
GetOEMCP
LoadLibraryW
GetThreadIOPendingFlag
HeapAlloc
CloseHandle
GetDefaultCommConfigW
SwitchToThread
GetNamedPipeServerProcessId
MoveFileWithProgressA
FindNextFileNameW
EnumSystemLanguageGroupsA
IsThreadAFiber
GetCurrentProcessorNumber
ReadDirectoryChangesW
GetSystemWow64DirectoryA
GetErrorMode
VirtualLock
FindAtomA
UnregisterApplicationRestart
SetFileApisToOEM
ReplaceFileW
_lread
WTSGetActiveConsoleSessionId
NeedCurrentDirectoryForExePathA
ExitProcess
FindAtomW
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GetModuleHandleW
FreeLibrary
CreateSemaphoreW
CreateSymbolicLinkW
GetConsoleWindow
GetLongPathNameTransactedW
DeleteBoundaryDescriptor
OpenFileMappingA
lstrcmpiA
TlsGetValue
BeginUpdateResourceW
ConvertFiberToThread
SetFileApisToANSI
MoveFileTransactedA
VirtualFreeEx
GetTempFileNameA
lstrcmpiW
GetPrivateProfileStringA
GetEnvironmentStringsW
WaitNamedPipeW
lstrcmpW
EnumDateFormatsW
LocalUnlock
GetConsoleAliasExesLengthA
GetDriveTypeW
InterlockedPopEntrySList
IsDebuggerPresent
CreateTimerQueue
IsBadStringPtrW
SizeofResource
LockResource
LoadResource
FindResourceW
DecodePointer
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapSize
GetStringTypeW
SetStdHandle
LCMapStringW
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FindFirstFileExW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
GetPrivateProfileSectionNamesA
WriteProfileStringW
GetLogicalDrives
AddVectoredContinueHandler
GetConsoleAliasExesLengthW
InitializeSRWLock
AreFileApisANSI
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
lstrcpyW
GlobalLock
FreeConsole
CreateThread
GlobalFree
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
GetProcAddress
TlsFree
TlsSetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
VirtualFree
FindFirstFileW
GetCurrencyFormatW
ReadFile
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
RaiseException

user32

GetNextDlgGroupItem
PtInRect
InvalidateRect
ReleaseDC
CharUpperW
wsprintfW
GetDesktopWindow
CharNextA
IsCharLowerW
DefWindowProcW
GetFocus
IsWindowVisible
GetClipboardViewer
DeleteMenu
CreatePopupMenu
DrawIcon
DestroyCursor
LoadStringW
GetMenuCheckMarkDimensions
CloseClipboard
GetForegroundWindow
EnumClipboardFormats
DestroyMenu
IntersectRect
GetMenuStringW
GetUpdateRect
GetTabbedTextExtentW
IsClipboardFormatAvailable
CharUpperBuffW
GetCaretBlinkTime
HiliteMenuItem

gdi32

FrameRgn
CreateFontW
ExtFloodFill
Polyline
GetDIBits
CreatePolyPolygonRgn
PolyPolygon
SetBkColor
Ellipse
GetSystemPaletteUse
InvertRgn
FillRgn
GetCharWidthW
Pie

advapi32

RegCreateKeyExW
GetTokenInformation
LookupAccountSidW
RegDeleteTreeA
RegDisablePredefinedCacheEx
RevertToSelf
CryptAcquireContextW
SetServiceStatus
CryptEncrypt
RegisterServiceCtrlHandlerW
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegRestoreKeyW
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW

mpr

WNetCloseEnum
WNetEnumResourceW
WNetOpenEnumW

shlwapi

PathFindFileNameW
StrStrW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

Sections

.text
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

abce2ca0bead1aaef1e5e2c4297d86bd

Code Sign

01Certificate

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

59:f5:29:32:de:5d:0e:49:67:b7:16:96:d4:ac:7e:97Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

df:3b:95:9f:cd:9e:9f:71:39:c9:65:67:f2:8a:3a:12:3c:d2:9f:78Signer

Signature Validations

Verification

28-12-2022 05:42 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

Sections

.text Size: 844KB - Virtual size: 843KB

.rdata Size: 31KB - Virtual size: 31KB

.data Size: 2KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 53KB - Virtual size: 52KB

.reloc Size: 91KB - Virtual size: 91KB

01
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

59:f5:29:32:de:5d:0e:49:67:b7:16:96:d4:ac:7e:97
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

df:3b:95:9f:cd:9e:9f:71:39:c9:65:67:f2:8a:3a:12:3c:d2:9f:78
Signer

28-12-2022 05:42
Valid: true

.text
Size: 844KB - Virtual size: 843KB

.rdata
Size: 31KB - Virtual size: 31KB

.data
Size: 2KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 53KB - Virtual size: 52KB

.reloc
Size: 91KB - Virtual size: 91KB