General

  • Target

    59e0ab333060b4e510db5d36d87f0fe267ab66b0881955649b06d91d6dd2d486

  • Size

    360KB

  • Sample

    220106-nt3mtsbehm

  • MD5

    2f121145ea11b36f9ade0cb8f319e40a

  • SHA1

    d68049989ce98f71f6a562e439f6b6f0a165f003

  • SHA256

    59e0ab333060b4e510db5d36d87f0fe267ab66b0881955649b06d91d6dd2d486

  • SHA512

    9211a74cfa23c70c6ace8bd168ecbe1bb4a06d2e03b5adff5546115137b6ce849d3e41337581123d48e5082319f507d8f2d274621317fada182530e4a0abb6c7

Malware Config

Extracted

Path

C:\read-me.txt

Family

globeimposter

Ransom Note

All your files are Encrypted! For data recovery needs decryptor.

How to buy decryptor:
----------------------------------------------------------------------------------------
| 1. Download Tor browser - https://www.torproject.org/ and install it.
| 2. Open link in TOR browser - http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
| 3. Create Ticket
----------------------------------------------------------------------------------------
Note! This link is available via Tor Browser only.
------------------------------------------------------------
or http://helpqvrg3cc5mvb3.onion/

Your ID 6C 83 B2 94 B9 F0 60 BE 49 C9 E8 F0 B7 C9 24 6D 4A A1 E8 85 67 28 CB 08 42 4E 31 B6 65 0E 4A 21 21 77 82 12 2C A4 52 B0 F6 D7 19 10 64 89 17 C7 1B 38 86 3C C1 D6 E1 F8 9C EA E4 FC ED B0 CC 34 40 E6 B5 B0 C0 F9 66 81 13 75 3D 1B A1 92 87 43 5E DF DC 4A 48 E6 4F 6E A8 BF 57 23 E0 06 22 E6 2A 2B AB 11 37 77 78 72 76 96 52 7E 97 4E A0 86 A0 1F E2 D0 81 DA C3 DB 4D BE 15 31 75 F7 21 12 CC A6 51 EB 33 1F 86 A9 8A 44 60 53 9D B4 25 08 DC 9B 25 D8 1D 98 7D A9 FF 7C 50 94 0D DA A9 3F EB AF 1F 81 5B CD B5 9F 70 71 35 83 64 23 98 D6 3F 4C 20 CF 90 D5 E1 D1 3F 2E 68 69 3D 8C 31 03 44 F8 97 79 21 04 D0 D4 B2 7E 3C EF F7 04 3C C4 51 E4 6D BF 76 A1 A0 D0 36 78 48 19 F5 50 2D 5B DA 16 0A E8 E1 B4 21 7E 86 CE E2 49 6D 45 1E 66 1B F5 04 96 DD F5 49 53 49 74 99 23 F6 C9 41 10

URLs

http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV

http://helpqvrg3cc5mvb3.onion/

Targets

    • Target

      59e0ab333060b4e510db5d36d87f0fe267ab66b0881955649b06d91d6dd2d486

    • Size

      360KB

    • MD5

      2f121145ea11b36f9ade0cb8f319e40a

    • SHA1

      d68049989ce98f71f6a562e439f6b6f0a165f003

    • SHA256

      59e0ab333060b4e510db5d36d87f0fe267ab66b0881955649b06d91d6dd2d486

    • SHA512

      9211a74cfa23c70c6ace8bd168ecbe1bb4a06d2e03b5adff5546115137b6ce849d3e41337581123d48e5082319f507d8f2d274621317fada182530e4a0abb6c7

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks