clop

General

Target

32bc94e84b62757e7b77c7deb0a96f2f
Size

1.1MB
Sample

231222-ajelcsgfd4
MD5

32bc94e84b62757e7b77c7deb0a96f2f
SHA1

fa8782b9ec0eab3515aed4741c3feccb4c571f3e
SHA256

ada028c99efb8e8759c0b0622bf368279f7d8f8e7baad8a58cd195c65422a767
SHA512

ee2cade095d93cf109a44c477c8d877214c838e7a9057804c918e96f355ab08f2bab130887154a647515e08a884db58774258d6edf9040b183f8ff8b21e7cf4a
SSDEEP

12288:DuxTfQgrvG4PdE6RqjdCLrQqNzdEDUtTybs02Y9s+32AQm:DGjQgKfcrQqvEDUFyJ9

Score

10^/10

clop ransomware

Malware Config

Extracted

Family

clop

Ransom Note

@@@ Bluebonnet Nutrition Corporation @@@ !_! DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM !_! ***Also a lot of sensitive data has been downloaded from your network*** For example: ______________________________ \\192.168.16.143\C$\Users\joyce.BLUEBONNET \\Steve\C$\Users\Steve \\192.168.16.17\Accounting ______________________________ THIS IS A SMALL PART, ABOUT 10% ______________________________ If you refuse to cooperate, all data will be published for free download on our portal: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion.dog/ http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion.ly/ http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ - use TOR browser CONTACT US BY EMAIL: [email protected] or [email protected] OR WRITE TO THE CHAT AT :->: http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/70f0d45d-2f29-42d5-af3a-17e7ade0be1e?secret=bbn (use TOR browser)

Targets

- Target
  
  32bc94e84b62757e7b77c7deb0a96f2f
- Size
  
  1.1MB
- MD5
  
  32bc94e84b62757e7b77c7deb0a96f2f
- SHA1
  
  fa8782b9ec0eab3515aed4741c3feccb4c571f3e
- SHA256
  
  ada028c99efb8e8759c0b0622bf368279f7d8f8e7baad8a58cd195c65422a767
- SHA512
  
  ee2cade095d93cf109a44c477c8d877214c838e7a9057804c918e96f355ab08f2bab130887154a647515e08a884db58774258d6edf9040b183f8ff8b21e7cf4a
- SSDEEP
  
  12288:DuxTfQgrvG4PdE6RqjdCLrQqNzdEDUtTybs02Y9s+32AQm:DGjQgKfcrQqvEDUFyJ9
Score

10^/10

clop ransomware
- clop
  Ransomware discovered in early 2019 which has been actively developed since release.
  ransomware clop
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2