clop | 90e021b34e295ae9488b18ff093a9b7ef86560758702b90cf293ee03b5b23d46 | Triage

Sharing

General

Target

ee005dd328f30548b6ee2225689cd241_JaffaCakes118
Size

11.9MB
Sample

240411-weamhabh9w
MD5

ee005dd328f30548b6ee2225689cd241
SHA1

45b4e62323544699b1f9f182ef3b73b05e2cc4c6
SHA256

90e021b34e295ae9488b18ff093a9b7ef86560758702b90cf293ee03b5b23d46
SHA512

5e654dddeaff066064dc5b16d328a589522a5f7777e63bdc417ce0f1825bde7d2501d2c79a90e1e731c79c059f5f2aa1d3db8c0829185972cec6555942add345
SSDEEP

196608:3YhpbyHMRU6pt7FWl1WoJKWISulOHC61mpjXqX1Ss+cHUfIiYbuSuzcsCyxdAkYV:3chyHMRU6ptMHWoJKHSulOHCzLts+UUu

Score

10^/10

clop discovery ransomware

Malware Config

Targets

- Target
  
  American Medical Encyclopedia v1.0/MedEncyclopedia.exe
- Size
  
  8.4MB
- MD5
  
  22feba5399e1be994295a62504503dc0
- SHA1
  
  7c968dbfe9a8d1f2ea8c9f19d3358baf7cb62658
- SHA256
  
  16e838c8887216fd8bd202959309efc17947dffa10303ae63d0230ea97aec10e
- SHA512
  
  383fa30754c8e2dfd5ed359828341368386f73b0b90de67d6f8c0407e87516661b0cc67f872e7a22ccc73fc4a313d1fae12bf3b75556320f4382d9961ed94d55
- SSDEEP
  
  196608:XJKWISulOHC61mpjXqX1Ss+cHUfIiYbuSuzcsCyxdAkYzF+PjjzQw:XJKHSulOHCzLts+UU9YbuFc0xdByFg
Score

7^/10

discovery
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  American Medical Encyclopedia v1.0/_Readme.html
- Size
  
  271B
- MD5
  
  3797085f374cdf93ef0d0439f4447c28
- SHA1
  
  c673ab7f5ef5f74050d4a465de6ebd6130e34ea5
- SHA256
  
  d39f860f7a8c857d36f0694a1bccd6feba915e553a64e00de57ce81f5b2bc0f5
- SHA512
  
  61bc79901ad9a45a2167f403585aa985c095853ca7dab3bdb7be5964ea886d0dbedf324c07f1f621e567bd7984a64b22e8a2bf9435c50161d7522e5968e893b7
Score

1^/10
behavioral3 behavioral4
- Target
  
  American Medical Encyclopedia v1.0/crack/MedEncyclopedia.exe
- Size
  
  3.5MB
- MD5
  
  a9acc6fc0428a5b5236b9cc1c0e44bc8
- SHA1
  
  1d178db2a06574275fa24983f3f1d0035b2edae5
- SHA256
  
  4a8256ef95e5f23d5925059250a40c1560d409dbfd84667e0b394f705db5a879
- SHA512
  
  3c1d8f5ec94386fcf63e9c469a47994be1160e323202b3cea05cf452d71a55f0879063284988d17bf9518760052d55ed29a0e7f0676dacca2af3f92fd5bd43aa
- SSDEEP
  
  98304:sMngYhpbyHMCIXrxrm6dbt7FM2iJl1N2b:kYhpbyHMRU6pt7FWl1W
Score

10^/10

clop ransomware
- clop
  Ransomware discovered in early 2019 which has been actively developed since release.
  ransomware clop
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6