globeimposter | fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26 | Triage

Submit
Reports

Overview

overview

Static

static

fb81336ee6...26.exe

windows7_x64

fb81336ee6...26.exe

windows10-2004_x64

Sharing

General

Target

fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26
Size

54KB
Sample

220211-g4453sdddm
MD5

7b3b486072cc0e27155fc0650fe4e42b
SHA1

3fa908c890743e4f93f6250220bd137433198bcb
SHA256

fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26
SHA512

8e037694902f4ea6dadcce841fe1face23d77756f7bc0bb4af82d35a34dfc0f32a9400296672f77fdc7c62498e8bf8a07439d6427d9a359923ae16fe34051c55

Score

10^/10

globeimposter persistence ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26.exe

Resource

win7-en-20211208

globeimposter persistence ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26.exe

Resource

win10v2004-en-20220112

globeimposter persistence ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26
- Size
  
  54KB
- MD5
  
  7b3b486072cc0e27155fc0650fe4e42b
- SHA1
  
  3fa908c890743e4f93f6250220bd137433198bcb
- SHA256
  
  fb81336ee621095c2ee45675a0f51537a410ebdf08de3b04004d06b9e271db26
- SHA512
  
  8e037694902f4ea6dadcce841fe1face23d77756f7bc0bb4af82d35a34dfc0f32a9400296672f77fdc7c62498e8bf8a07439d6427d9a359923ae16fe34051c55
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomwarespywarestealer

© 2018-2025

Terms | Privacy