clop | 6b468da05c8f7be6bfa2b29de2408926e8cfc6c1c6a0cd59eaedde72aaab4aa0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 06:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b468da05c8f7be6bfa2b29de2408926e8cfc6c1c6a0cd59eaedde72aaab4aa0.exe
Size

6.0MB
MD5

b60ea71b7edf7afa6cfb09a02709407c
SHA1

5f97a95cc05036e9c030583c2ee5648229cc9160
SHA256

6b468da05c8f7be6bfa2b29de2408926e8cfc6c1c6a0cd59eaedde72aaab4aa0
SHA512

03a3d78fd9397523f794710f965c8c388c482ad5c9bef459efedcc8dc24b30f9df5c35f9b572c7b9d6a1e13cedd9af68af8e935d300438f5efdd7144b4685a3f
SSDEEP

98304:5DYEWTnV7e9yUXMJ/1o1gLWMV99zw0RlPB6I/KIxAQGT1A0AWYOTsKkXHr:5UEWTnVyAnOzMVjH6WKQG5A0SKCL

Score

10^/10

clop ransomware

Malware Config

Extracted

Family

clop

Ransom Note

___ Universidad de La Salle ___ === DO NOT ATTEMPT TO RESTORE OR MOVE THE FILES YOURSELF. THIS MAY DESTROY THEM === Here are some of the files we downloaded from your network: \\172.19.20.216\C$\Users\ruthrodriguezez \\172.19.0.25\Secretaria General Docs \\172.19.15.59\C$\Users\sarangel If you refuse to cooperate, all data will be published for free download on our portal: http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ -> TOR browser CONTACT US BY EMAIL-> [email protected] or [email protected] OR WRITE TO THE CHAT AT-> http://6v4q5w7di74grj2vtmikzgx2tnq5eagyg2cubpcnqrvvee2ijpmprzqd.onion/remote0/93868e77-1331-411a-9643-dc9ad26a5095?secret=lasalle (use TOR browser)

Signatures

clop
Ransomware discovered in early 2019 which has been actively developed since release.
ransomware clop

C:\Users\Admin\AppData\Local\Temp\6b468da05c8f7be6bfa2b29de2408926e8cfc6c1c6a0cd59eaedde72aaab4aa0.exe
"C:\Users\Admin\AppData\Local\Temp\6b468da05c8f7be6bfa2b29de2408926e8cfc6c1c6a0cd59eaedde72aaab4aa0.exe"
1⤵
PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1176-1-0x0000000002830000-0x00000000028F9000-memory.dmp

Filesize
804KB

Download
memory/1176-0-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-5-0x0000000000401000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/1176-4-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-7-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-9-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-8-0x0000000000220000-0x0000000000222000-memory.dmp

Filesize
8KB

Download
memory/1176-6-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-2-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-3-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download
memory/1176-13-0x0000000000401000-0x000000000094C000-memory.dmp

Filesize
5.3MB

Download
memory/1176-12-0x0000000002830000-0x00000000028F9000-memory.dmp

Filesize
804KB

Download
memory/1176-11-0x0000000000400000-0x0000000000992000-memory.dmp

Filesize
5.6MB

Download