Overview

overview

10

Static

static

3

3320f11728...07.exe

windows7-x64

10

3320f11728...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8752a7a052ba75239b86b0da1d483dd7.bin

  • Size

    52KB

  • Sample

    230608-b322faba4z

  • MD5

    3e4bdfe289b837d7a0102a57f9c7629e

  • SHA1

    ee492aa38b2d07351f46452f9def83a59a007ac0

  • SHA256

    dda1f8f776539f93daaa1e1b955d6a395fc689ab31afd8fac54ebdc90e183d71

  • SHA512

    e4747c76096d6c70d321c198f292284bd0a82c4af361ba1568eb2824dec69cf43a8cce94053b8643927e619bdc7fce0cd1ee5ca2673d5010b3257b6c311de386

  • SSDEEP

    1536:NqkhpIRfr/G0JCeiaGgW6kc3I2pW05r3c:NXjSS0JQItI29tc

Score
10/10
clopransomware

Malware Config

Extracted

Path

C:\MSOCache\ClopReadMe.txt

Family

clop

Ransom Note
Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm. Backups were either encrypted or deleted or backup disks were formatted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation No decryption software is available in the public. DO NOT RESET OR SHUTDOWN – files may be damaged. DO NOT RENAME OR MOVE the encrypted and readme files. DO NOT DELETE readme files. This may lead to the impossibility of recovery of the certain files. Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly. If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files (Less than 5 Mb each, non-archived and your files should not contain valuable information (Databases, backups, large excel sheets, etc.)). You will receive decrypted samples and our conditions how to get the decoder. Attention!!! Your warranty - decrypted samples. Do not rename encrypted files. Do not try to decrypt your data using third party software. We don`t need your files and your information. But after 2 weeks all your files and keys will be deleted automatically. Contact emails: [email protected] or [email protected] The final price depends on how fast you write to us. Clop

Targets

    • Target

      3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.exe

    • Size

      100KB

    • MD5

      8752a7a052ba75239b86b0da1d483dd7

    • SHA1

      6eeef883d209d02a05ae9e6a2f37c6cbf69f4d89

    • SHA256

      3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207

    • SHA512

      57d19e9254ecaeaf301e11598c88b1440f3f85baf0cb8d7a0ac952cd6d63f565df9809b13f50a059302bfb0f81a5c498e49837e2e9480ec9b51c14a409fbdb65

    • SSDEEP

      1536:gHIPkRUedYttp2bd/B8quuaOY2IfpW+VQJFsW69cdCeRk28+axHPjsb5:EYtLqJSquu42CW+VwisCgk2DaxHPj+5

    Score
    10/10
    clopransomware

    • Clop

      Ransomware discovered in early 2019 which has been actively developed since release.

      ransomwareclop

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks