General

  • Target

    39f5b60188d49196e6c10271a084a755f9553190898438b15107cdb950a4bbde.bin

  • Size

    51KB

  • Sample

    211223-3lk55sbgh8

  • MD5

    e4e439fc5ade188ba2c69367ba6731b6

  • SHA1

    d4b3b403b95d50a2feefa046441600e488b941f4

  • SHA256

    39f5b60188d49196e6c10271a084a755f9553190898438b15107cdb950a4bbde

  • SHA512

    068d7ba1563bf528520a5106a99245896578ac88b0a3263383cdae8657403deba659c06f429dd83710d1f5afa324a49254dd68911382db71810f98a498e901e7

Malware Config

Extracted

Path

C:\read-me.txt

Family

globeimposter

Ransom Note

All your files are Encrypted! For data recovery needs decryptor.
How to buy decryptor:
----------------------------------------------------------------------------------------
| 1. Download Tor browser - https://www.torproject.org/ and install it.
| 2. Open link in TOR browser - http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
| 3. Create Ticket
----------------------------------------------------------------------------------------
Note! This link is available via Tor Browser only.
------------------------------------------------------------
or http://helpqvrg3cc5mvb3.onion/
Your ID
URLs

http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV

http://helpqvrg3cc5mvb3.onion/

Targets

    • Target

      39f5b60188d49196e6c10271a084a755f9553190898438b15107cdb950a4bbde.bin

    • Size

      51KB

    • MD5

      e4e439fc5ade188ba2c69367ba6731b6

    • SHA1

      d4b3b403b95d50a2feefa046441600e488b941f4

    • SHA256

      39f5b60188d49196e6c10271a084a755f9553190898438b15107cdb950a4bbde

    • SHA512

      068d7ba1563bf528520a5106a99245896578ac88b0a3263383cdae8657403deba659c06f429dd83710d1f5afa324a49254dd68911382db71810f98a498e901e7

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks