clop | sample (1)[.]zip

Resubmissions

10-07-2023 08:57

230710-kwszmahd86 10

Sharing

Copy URL

Twitter E-mail

General

Target

sample (1).zip
Size

510KB
MD5

f82054d892afe27951ecef0a520cd570
SHA1

9d2eefd3745e9dd16db6940e18cf566e49708f83
SHA256

675770e76f80610cfd5ba15cdc710094abcb0dbb99a9897f5eb3230e57119e85
SHA512

74430fcf860d163512dc0f00a4e21a584b490e00ed33342f6b6dac26b9e2e33da79c80ff8b16f4cb748d37766019ea01de1174d437124dd679561ed21010b1b1
SSDEEP

12288:do76CxM7ZReaXN2jnyHl/VbQzib4y2fjPze5ZXMs27UH:K76VFTNGyHbUeb4fjkZMsIUH

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop

Detects Clop payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/jsFhhfngkaDj.exe	family_clop

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

unpack001/jsFhhfngkaDj.exe

resource
unpack001/jsFhhfngkaDj.exe

Files

sample (1).zip
.zip

Password: infected
jsFhhfngkaDj.exe
.exe windows x86

6343fa0399258ac183fe24b2f9f0af0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLogicalDrives
EnumResourceTypesExW
GetOEMCP
NotifyUILanguageChange
GlobalHandle
GetProcessShutdownParameters
FindFirstFileA
FindFirstFileExW
EraseTape
FindFirstVolumeW
GetSystemDefaultLCID
CopyFileTransactedW
HeapFree
SetPriorityClass
GetCommandLineW
FindNLSString
GetCurrentProcess
GetConsoleOutputCP
lstrlenW
GetThreadErrorMode
FindFirstFileExA
GetSystemDefaultUILanguage
TerminateProcess
GetProfileIntW
LoadLibraryExA
GetUserDefaultLangID
GetModuleFileNameW
DeleteFiber
GetSystemTimes
GetCommModemStatus
GetConsoleCP
GetThreadLocale
GlobalUnWire
GetProcessId
GetUserDefaultUILanguage
GetNamedPipeClientComputerNameW
LeaveCriticalSection
GetConsoleAliasW
FlushProcessWriteBuffers
InitializeCriticalSectionEx
GetLargePageMinimum
GetFileAttributesTransactedA
GetPrivateProfileSectionW
GetConsoleScreenBufferInfoEx
lstrlenA
GetEnvironmentVariableA
CreateMutexA
GetCurrentThreadId
OpenJobObjectW
MapViewOfFileExNuma
lstrcmpA
UnregisterApplicationRecoveryCallback
GetSystemDirectoryW
IsSystemResumeAutomatic
GlobalDeleteAtom
ContinueDebugEvent
GetAtomNameW
GetModuleHandleA
GetSystemDefaultLangID
GetACP
GetSystemDefaultLocaleName
RtlCaptureStackBackTrace
OpenProcess
GetVersion
BuildCommDCBA
GetCommandLineA
CreateToolhelp32Snapshot
CreateEventW
ReadConsoleOutputCharacterA
ProcessIdToSessionId
GetPrivateProfileStringW
Sleep
CancelSynchronousIo
GetTickCount64
CopyFileA
GetCurrencyFormatEx
EnumSystemLocalesEx
Process32NextW
OutputDebugStringW
GetMaximumProcessorGroupCount
GetThreadUILanguage
GetUserDefaultLCID
ReadConsoleInputA
SetEvent
GetLogicalProcessorInformation
CreateMutexExA
GetDiskFreeSpaceExW
RemoveVectoredExceptionHandler
AcquireSRWLockExclusive
GetActiveProcessorGroupCount
LoadLibraryA
TlsAlloc
CloseHandle
GetSystemDEPPolicy
Process32FirstW
GetConsoleTitleA
CreateThreadpoolCleanupGroup
RaiseException
FreeConsole
QueryProcessCycleTime
LoadLibraryW
IsDBCSLeadByte
FindResourceW
HeapAlloc
ClearCommError
GetAtomNameA
GetDefaultCommConfigW
GetUserGeoID
SwitchToThread
IsThreadAFiber
GetCurrentProcessorNumber
GetSystemWow64DirectoryA
SubmitThreadpoolWork
GetErrorMode
UnregisterApplicationRestart
SetFileApisToOEM
WTSGetActiveConsoleSessionId
ExitProcess
ReadProcessMemory
GetCurrentProcessId
GetProcessHeap
IsValidLanguageGroup
GetProfileStringW
CreateSymbolicLinkW
GetConsoleWindow
GetLongPathNameTransactedW
BuildCommDCBAndTimeoutsA
GlobalUnfix
CreateRemoteThread
OpenFileMappingA
LocaleNameToLCID
GetTempFileNameW
ConvertFiberToThread
LocalFlags
SetFileApisToANSI
FormatMessageA
GetTempFileNameA
GetProcessPriorityBoost
FindNextVolumeW
lstrcmpiW
InitializeSListHead
GetEnvironmentStringsW
lstrcmpW
GetConsoleAliasExesLengthA
GetDriveTypeW
IsDebuggerPresent
CreateTimerQueue
SizeofResource
LockResource
LoadResource
GetModuleHandleW
WriteConsoleW
SetFilePointerEx
ReadConsoleW
SetEndOfFile
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
LCMapStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetCPInfo
IsValidCodePage
FoldStringA
GetConsoleAliasExesLengthW
GetNamedPipeClientComputerNameA
AreFileApisANSI
GlobalUnlock
GetTickCount
MapViewOfFile
CreateFileMappingW
lstrcpyW
GlobalLock
GetCurrentThread
CreateThread
GlobalFree
lstrcpyA
GlobalAlloc
lstrcatW
GetLastError
SetFileAttributesW
ExitThread
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
GetFileType
GetModuleHandleExW
WideCharToMultiByte
MultiByteToWideChar
GetStdHandle
LoadLibraryExW
VirtualFree
FindFirstFileW
FindResourceExA
ReadFile
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
GetStartupInfoW
GetSystemTimeAsFileTime
QueryPerformanceCounter
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
DecodePointer

user32

wsprintfW
IsCharUpperW
InvalidateRect
CreateMenu
GetDesktopWindow
CharUpperW
UnionRect
HiliteMenuItem
DefWindowProcW
UnhookWindowsHook
GetFocus
GetClipboardViewer
GetPropW
CloseClipboard
GetKBCodePage
GetForegroundWindow
LoadBitmapW
TranslateMessage
GetClipboardFormatNameW
GetClassNameW
ExcludeUpdateRgn
DrawTextW
CharUpperBuffW

gdi32

CreateHatchBrush
CreateRectRgn
SelectPalette
RectInRegion
SetBkColor
CreateEllipticRgn
Escape
FillRgn
ExtTextOutW
GetRgnBox
GetBkMode

advapi32

SetServiceStatus
GetTokenInformation
LookupAccountSidW
RegDisablePredefinedCacheEx
RevertToSelf
RegCloseKey
CryptAcquireContextW
RegGetValueA
CryptEncrypt
RegisterServiceCtrlHandlerW
OpenProcessToken
CreateProcessAsUserW
StartServiceCtrlDispatcherW
RegRestoreKeyA
DuplicateTokenEx

shell32

SHGetSpecialFolderPathW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfo

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSQuerySessionInformationW
WTSQueryUserToken
WTSEnumerateSessionsW
WTSFreeMemory

rstrtmgr

RmGetList
RmStartSession
RmShutdown
RmEndSession
RmRestart
RmRegisterResources

Sections

.text
Size: 619KB - Virtual size: 618KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 218KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

6343fa0399258ac183fe24b2f9f0af0c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

mpr

shlwapi

crypt32

userenv

wtsapi32

rstrtmgr

Sections

.text Size: 619KB - Virtual size: 618KB

.rdata Size: 31KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 218KB - Virtual size: 218KB

.reloc Size: 64KB - Virtual size: 63KB

.text
Size: 619KB - Virtual size: 618KB

.rdata
Size: 31KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 218KB - Virtual size: 218KB

.reloc
Size: 64KB - Virtual size: 63KB