clop | ada028c99efb8e8759c0b0622bf368279f7d8f8e7baad8a58cd195c65422a767

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32bc94e84b62757e7b77c7deb0a96f2f.exe
Size

1.1MB
MD5

32bc94e84b62757e7b77c7deb0a96f2f
SHA1

fa8782b9ec0eab3515aed4741c3feccb4c571f3e
SHA256

ada028c99efb8e8759c0b0622bf368279f7d8f8e7baad8a58cd195c65422a767
SHA512

ee2cade095d93cf109a44c477c8d877214c838e7a9057804c918e96f355ab08f2bab130887154a647515e08a884db58774258d6edf9040b183f8ff8b21e7cf4a
SSDEEP

12288:DuxTfQgrvG4PdE6RqjdCLrQqNzdEDUtTybs02Y9s+32AQm:DGjQgKfcrQqvEDUFyJ9

Score

10^/10

clop ransomware

Malware Config

Extracted

Family

clop

Ransom Note

@@@ Bluebonnet Nutrition Corporation @@@ !_! DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM !_! ***Also a lot of sensitive data has been downloaded from your network*** For example: ______________________________ \\192.168.16.143\C$\Users\joyce.BLUEBONNET \\Steve\C$\Users\Steve \\192.168.16.17\Accounting ______________________________ THIS IS A SMALL PART, ABOUT 10% ______________________________ If you refuse to cooperate, all data will be published for free download on our portal: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion.dog/ http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion.ly/ http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ - use TOR browser CONTACT US BY EMAIL: [email protected] or [email protected] OR WRITE TO THE CHAT AT :->: http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/70f0d45d-2f29-42d5-af3a-17e7ade0be1e?secret=bbn (use TOR browser)

Signatures

clop
Ransomware discovered in early 2019 which has been actively developed since release.
ransomware clop
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\32bc94e84b62757e7b77c7deb0a96f2f.exe
"C:\Users\Admin\AppData\Local\Temp\32bc94e84b62757e7b77c7deb0a96f2f.exe"
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1668-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1668-3-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1668-2-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1668-1-0x0000000003160000-0x0000000003218000-memory.dmp

Filesize
736KB

Download