General

  • Target

    possible_irt_clop_16938601753.zip

  • Size

    1.5MB

  • MD5

    02056feea8f2155557af5b3353edf1ec

  • SHA1

    90729b415824023eae259502d23f3190c5af0f5e

  • SHA256

    7fa55a34462cbef893741a513c78e13c8c8a48a1f7e7c7ad498422ae576d1fea

  • SHA512

    5505e146998723c9ddf95bd1e14b0ac2ff168e91445d8dc6d37bb38af2d5f8486c5d6fd39ac2c314b42757c136370d80731ff7efa2f47db32794fe86b527a639

  • SSDEEP

    24576:AxXLTOKkyJ1Cns71H5ibY3L5ptoVJAgpzspNwNXF5s6YCUra8FA3f5tH3lkbXHiG:A9LTOKB3f1ZiOpWXAgpsgN5YbuA2j1w1

Score
10/10

Malware Config

Extracted

Family

clop

Ransom Note
___ CGMINC ___ === DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM === Here are some of the files we downloaded from your network: \\CGMFILE02\F$\ETCLifeline\Packages \\CGMFILE01\E$\ETCLifeline\Packages \\CGMSQL07\H$\SqlData\20220925\ApiLogDb.mdf If you refuse to cooperate, all data will be published for free download on our portal: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ -> TOR browser CONTACT US BY EMAIL-> [email protected] or [email protected] OR WRITE TO THE CHAT AT-> http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/feeb65cb-ef79-48c2-8a53-23e1f844fe72?secret=cgminc (use TOR browser)

Signatures

  • Clop family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • possible_irt_clop_16938601753.zip
    .zip

    Password: infected

  • 343cb2d5900f5fe4abd5442a4a18541753fbb6ca5ff4ee7f2c312ed96e413335
    .exe windows:5 windows x86 arch:x86

    MD5: abce2ca0bead1aaef1e5e2c4297d86bd

  • 46cd508b7e77bb2c1d47f7fef0042a13c516f8163f9373ef9dfac180131c65ed
    .exe windows:6 windows x86 arch:x86

    MD5: d8b6baf12a07141de229c7d33c80f943

  • a9741b16f4169f56ae0f2e49c87f3c5360ed5ab4370e6d16bd86179999f11795
    .exe windows:6 windows x86 arch:x86

    MD5: 6343fa0399258ac183fe24b2f9f0af0c