Overview

overview

10

Static

static

3

American M...ia.exe

windows7-x64

7

American M...ia.exe

windows10-2004-x64

7

American M...e.html

windows7-x64

1

American M...e.html

windows10-2004-x64

1

American M...ia.exe

windows7-x64

10

American M...ia.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee005dd328f30548b6ee2225689cd241_JaffaCakes118

  • Size

    11.9MB

  • Sample

    240411-weamhabh9w

  • MD5

    ee005dd328f30548b6ee2225689cd241

  • SHA1

    45b4e62323544699b1f9f182ef3b73b05e2cc4c6

  • SHA256

    90e021b34e295ae9488b18ff093a9b7ef86560758702b90cf293ee03b5b23d46

  • SHA512

    5e654dddeaff066064dc5b16d328a589522a5f7777e63bdc417ce0f1825bde7d2501d2c79a90e1e731c79c059f5f2aa1d3db8c0829185972cec6555942add345

  • SSDEEP

    196608:3YhpbyHMRU6pt7FWl1WoJKWISulOHC61mpjXqX1Ss+cHUfIiYbuSuzcsCyxdAkYV:3chyHMRU6ptMHWoJKHSulOHCzLts+UUu

Score
10/10
clopdiscoveryransomware

Malware Config

Targets

    • Target

      American Medical Encyclopedia v1.0/MedEncyclopedia.exe

    • Size

      8.4MB

    • MD5

      22feba5399e1be994295a62504503dc0

    • SHA1

      7c968dbfe9a8d1f2ea8c9f19d3358baf7cb62658

    • SHA256

      16e838c8887216fd8bd202959309efc17947dffa10303ae63d0230ea97aec10e

    • SHA512

      383fa30754c8e2dfd5ed359828341368386f73b0b90de67d6f8c0407e87516661b0cc67f872e7a22ccc73fc4a313d1fae12bf3b75556320f4382d9961ed94d55

    • SSDEEP

      196608:XJKWISulOHC61mpjXqX1Ss+cHUfIiYbuSuzcsCyxdAkYzF+PjjzQw:XJKHSulOHCzLts+UU9YbuFc0xdByFg

    Score
    7/10
    discovery

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

    • Target

      American Medical Encyclopedia v1.0/_Readme.html

    • Size

      271B

    • MD5

      3797085f374cdf93ef0d0439f4447c28

    • SHA1

      c673ab7f5ef5f74050d4a465de6ebd6130e34ea5

    • SHA256

      d39f860f7a8c857d36f0694a1bccd6feba915e553a64e00de57ce81f5b2bc0f5

    • SHA512

      61bc79901ad9a45a2167f403585aa985c095853ca7dab3bdb7be5964ea886d0dbedf324c07f1f621e567bd7984a64b22e8a2bf9435c50161d7522e5968e893b7

    Score
    1/10
    behavioral3behavioral4

    • Target

      American Medical Encyclopedia v1.0/crack/MedEncyclopedia.exe

    • Size

      3.5MB

    • MD5

      a9acc6fc0428a5b5236b9cc1c0e44bc8

    • SHA1

      1d178db2a06574275fa24983f3f1d0035b2edae5

    • SHA256

      4a8256ef95e5f23d5925059250a40c1560d409dbfd84667e0b394f705db5a879

    • SHA512

      3c1d8f5ec94386fcf63e9c469a47994be1160e323202b3cea05cf452d71a55f0879063284988d17bf9518760052d55ed29a0e7f0676dacca2af3f92fd5bd43aa

    • SSDEEP

      98304:sMngYhpbyHMCIXrxrm6dbt7FM2iJl1N2b:kYhpbyHMRU6pt7FWl1W

    Score
    10/10
    clopransomware

    • clop

      Ransomware discovered in early 2019 which has been actively developed since release.

      ransomwareclop
    behavioral5behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks