clop[.]bin | Triage

Resubmissions

08/08/2024, 06:04

240808-gs4p6szgkp 10

08/08/2024, 06:02

240808-grgh9azgjr 10

Sharing

Copy URL Twitter E-mail

General

Target

clop.bin
Size

221KB
MD5

a04eb443870896fbe9a0b6468c4844f7
SHA1

e3001ef25b1386763caec9b5339ec6ddb0275a71
SHA256

a867deb1578088d066941c40e598e4523ab5fd6c3327d3afb951073bee59fb02
SHA512

28919641ecb89a7770a974992231bbdb9a7369e429d4b37d5b685bafab30b95c5bd87ce781d5a67db6c1b2823c85f9f3c6901285912f1bb641d9967d82d2660f
SSDEEP

6144:JrazEX0203RegvjxnpGhu3BJMIp2CuvY63:B+3JpGEBJMg2CuvY6

Score

1^/10

Malware Config

Signatures

Files

clop.bin
.exe windows:5 windows x86 arch:x86

150e10d1369ec1ef10a58e4e1ccdd0fa

Code Sign

cd:ac:cb:69:14:af:f8:c3:3f:11:95:da:ca:74:aa:4e
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

22/02/2019, 00:00

Not After

22/02/2020, 23:59

Subject

CN=MEGAPOLIS SERVICES LTD,O=MEGAPOLIS SERVICES LTD,POSTALCODE=SO50 8AH,STREET=143 Stoke Heights Fair Oak,L=EASTLEIGH,ST=EASTLEIGH,C=GB,2.5.4.18=#1308534f353020384148

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

01/02/2010, 00:00

Not After

18/01/2038, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9c:54:27:05:87:21:9b:3e:19:31:e1:68:8e:6f:6d:75:e0:2f:ae:58
Signer

Actual PE Digest

9c:54:27:05:87:21:9b:3e:19:31:e1:68:8e:6f:6d:75:e0:2f:ae:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
VirtualAlloc
GetProcAddress
LoadLibraryA
GetLastError
TerminateProcess
LeaveCriticalSection
DeleteCriticalSection
EnterCriticalSection
LCMapStringW
GetOEMCP
GetCommandLineW
GetModuleHandleW
GetACP
GetCommandLineA
MultiByteToWideChar
GetVersionExA
CreateEventW
CompareStringW
CompareStringA
GetTimeZoneInformation
GetLocaleInfoW
VirtualQuery
GetSystemInfo
VirtualProtect
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
FlushFileBuffers
InterlockedDecrement
GetStartupInfoW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapDestroy
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
OutputDebugStringA
FatalAppExitA
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryExA
InitializeCriticalSection
HeapAlloc
Sleep
HeapReAlloc
LCMapStringA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
SetEnvironmentVariableA

ole32

CoInitialize
ReleaseStgMedium
CoTaskMemFree
CoCreateGuid
RevokeDragDrop
CLSIDFromProgID
OleRun
CoUninitialize
CoGetClassObject

comctl32

ImageList_Add

Sections

.text
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

150e10d1369ec1ef10a58e4e1ccdd0fa

Code Sign

cd:ac:cb:69:14:af:f8:c3:3f:11:95:da:ca:74:aa:4eCertificate

Extended Key Usages

Key Usages

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2dCertificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

9c:54:27:05:87:21:9b:3e:19:31:e1:68:8e:6f:6d:75:e0:2f:ae:58Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

comctl32

Sections

.text Size: 189KB - Virtual size: 188KB

.data Size: 22KB - Virtual size: 22KB

.rsrc Size: 512B - Virtual size: 504B

cd:ac:cb:69:14:af:f8:c3:3f:11:95:da:ca:74:aa:4e
Certificate

01:fd:6d:30:fc:a3:ca:51:a8:1b:bc:64:0e:35:03:2d
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

9c:54:27:05:87:21:9b:3e:19:31:e1:68:8e:6f:6d:75:e0:2f:ae:58
Signer

.text
Size: 189KB - Virtual size: 188KB

.data
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 512B - Virtual size: 504B