General
-
Target
3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207.zip
-
Size
50KB
-
Sample
241004-g3qajayenk
-
MD5
38292473707b17cd95db3373558474b5
-
SHA1
5eea5b9feca5e8513500e6955c9a3726183dea1d
-
SHA256
6b3fbf3c740886abe83f02b354e1243054307b2037b452e2d5afc405cbbb99a9
-
SHA512
b371571a81b490f0a8875686e48031d378b721f56754593e1d8f4bb8c856a6002f6a222b2c75451478c3678ec675b556cfe54ec57834ecda774502258ec9df24
-
SSDEEP
768:/NbCtkAiNy5cMPT+33doZUu2Xs+yxMtY/1Ybnm70soJLFJE8od5Ln1BbAUTH5Iwm:x7Mbejh8+QMt1bdsOJJE8K1BcwZ8
Static task
static1
Behavioral task
behavioral1
Sample
clop.exe
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
clop.exe
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
clop.exe
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
clop.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
clop.exe
Resource
win11-20240802-en
Malware Config
Extracted
C:\$Recycle.Bin\ClopReadMe.txt
clop
Targets
-
-
Target
clop.bin
-
Size
100KB
-
MD5
8752a7a052ba75239b86b0da1d483dd7
-
SHA1
6eeef883d209d02a05ae9e6a2f37c6cbf69f4d89
-
SHA256
3320f11728458d01eef62e10e48897ec1c2277c1fe1aa2d471a16b4dccfc1207
-
SHA512
57d19e9254ecaeaf301e11598c88b1440f3f85baf0cb8d7a0ac952cd6d63f565df9809b13f50a059302bfb0f81a5c498e49837e2e9480ec9b51c14a409fbdb65
-
SSDEEP
1536:gHIPkRUedYttp2bd/B8quuaOY2IfpW+VQJFsW69cdCeRk28+axHPjsb5:EYtLqJSquu42CW+VwisCgk2DaxHPj+5
Score10/10-
clop
Ransomware discovered in early 2019 which has been actively developed since release.
-
Renames multiple (280) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-