clop | 2024-01-09_ae45c6cebda8480eb1386e8a1d716740_clop_cobalt-strike

Sharing

Copy URL

Twitter E-mail

General

Target

2024-01-09_ae45c6cebda8480eb1386e8a1d716740_clop_cobalt-strike
Size

107KB
MD5

ae45c6cebda8480eb1386e8a1d716740
SHA1

9027f9d584254f94969815396aa18561470be5ae
SHA256

491a6af81acbfab366c9352a40a513f5f2f6e095f1b397d180b629e6dadbbe1a
SHA512

7698cbff56803f902fa3bf0ed406a28dc434f134aad161224ac1da98d2309422a2b57cdc21dc921453841de488fa2411f8f60e5fe7c6440f7b164669fadae00c
SSDEEP

3072:IO4PuGUKJwRdtct2HhEBy852+wnioW+QBCovx:IJU3RdtcteEBR0l1ovx

Score

10^/10

clop

Malware Config

Signatures

Clop family
clop

Files

2024-01-09_ae45c6cebda8480eb1386e8a1d716740_clop_cobalt-strike
.exe windows:5 windows x86 arch:x86

96caf3bcd58d41d23d1a4e27f2165ae3

Code Sign

c6:ed:0e:fe:28:44:fa:44:aa:e3:50:c6:84:5c:33:31
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

05-02-2019 00:00

Not After

05-02-2020 23:59

Subject

CN=THE COMPANY OF WORDS LTD,O=THE COMPANY OF WORDS LTD,POSTALCODE=SO23 9HX,STREET=S G House 6 St. Cross Road,L=WINCHESTER,ST=Hampshire,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01-02-2010 00:00

Not After

18-01-2038 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4d:87:26:af:81:38:6a:54:46:ec:6e:91:e4:7a:89:d8:1f:f7:9b:09
Signer

Actual PE Digest

4d:87:26:af:81:38:6a:54:46:ec:6e:91:e4:7a:89:d8:1f:f7:9b:09

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
CloseHandle
GetSystemInfo
CreateThread
MoveFileExW
lstrcpyW
CreateFileMappingW
MapViewOfFile
lstrcmpW
GetDriveTypeW
GetShortPathNameA
GetModuleFileNameA
EraseTape
CompareStringW
GetLongPathNameW
lstrlenW
ReleaseSemaphore
EnumResourceTypesW
TerminateProcess
GetUserDefaultUILanguage
GetDllDirectoryA
CreateMutexW
OpenFile
GetFirmwareEnvironmentVariableA
GetEnvironmentVariableA
GetComputerNameExW
GlobalDeleteAtom
GetACP
OpenProcess
GetConsoleAliasExesA
CreateToolhelp32Snapshot
CreateEventW
GetFileInformationByHandle
GetDevicePowerState
Process32NextW
GetConsoleDisplayMode
EncodeSystemPointer
ReadConsoleInputW
CreateFileA
SetEvent
DefineDosDeviceA
lstrcpyA
GetMailslotInfo
Process32FirstW
Sleep
GetProcAddress
GlobalLock
GetStartupInfoA
ExitProcess
GetCurrentProcessId
WideCharToMultiByte
DeleteTimerQueueTimer
ReadFileScatter
GetSystemRegistryQuota
WaitNamedPipeW
GetProfileStringA
SizeofResource
GetCurrentDirectoryA
LockResource
LoadResource
FindResourceW
GetModuleHandleW
DecodePointer
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcessHeap
GetStringTypeW
GetFileType
SetStdHandle
RaiseException
LCMapStringW
DeleteFileW
GlobalAlloc
lstrcatW
GetCurrentThread
GetLastError
SetFileAttributesW
UnmapViewOfFile
CreateFileW
WaitForSingleObject
FindClose
lstrlenA
SetFilePointer
SetErrorMode
VirtualAlloc
WriteFile
FindNextFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
VirtualFree
FindFirstFileW
FindAtomA
ReadFile
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
MultiByteToWideChar
GetModuleHandleExW
HeapFree
HeapAlloc
FindFirstFileExA

user32

wsprintfW
CharUpperW
DestroyWindow
SetActiveWindow
GetKeyboardState
wsprintfA
IsWindow
GetClassLongA
IsDialogMessageW
MapWindowPoints
GetKeyboardLayout
DrawTextExW
GetDlgItem
CharUpperBuffW
GetSysColorBrush
IsWindowUnicode
DialogBoxParamW
GetDC

gdi32

AbortDoc
CreateHatchBrush
GetTextCharset
GetBkColor

winspool.drv

OpenPrinterW

advapi32

RegOpenKeyW
CryptGenKey
CryptExportKey
SetServiceStatus
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
CryptReleaseContext
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt

shell32

SHGetSpecialFolderPathW
ShellExecuteA

shlwapi

StrStrW
PathFindFileNameW

crypt32

CryptStringToBinaryA
CryptDecodeObjectEx
CryptImportPublicKeyInfoEx

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96caf3bcd58d41d23d1a4e27f2165ae3

Code Sign

c6:ed:0e:fe:28:44:fa:44:aa:e3:50:c6:84:5c:33:31Certificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4d:87:26:af:81:38:6a:54:46:ec:6e:91:e4:7a:89:d8:1f:f7:9b:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

shlwapi

crypt32

mpr

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.gfids Size: 512B - Virtual size: 172B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 5KB - Virtual size: 4KB

c6:ed:0e:fe:28:44:fa:44:aa:e3:50:c6:84:5c:33:31
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4d:87:26:af:81:38:6a:54:46:ec:6e:91:e4:7a:89:d8:1f:f7:9b:09
Signer

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 172B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 4KB