globeimposter | 13b97fc3dfb4e7e9483ba221ab5f15e4ae2bf28d1d4113d9044867c219b92bb8 | Triage

Sharing

General

Target

13b97fc3dfb4e7e9483ba221ab5f15e4ae2bf28d1d4113d9044867c219b92bb8
Size

53KB
Sample

220211-h1bvssdhdr
MD5

b74b6ed4bfa38f2d517546bf03a05d2b
SHA1

60e50e59a5199b1db12c85bf3394e9f9531f26c6
SHA256

13b97fc3dfb4e7e9483ba221ab5f15e4ae2bf28d1d4113d9044867c219b92bb8
SHA512

f6a528d68ce7d209d8032bb5612586e5b12d831ac4be4684847b351112650fff5cc5d11e37a2478ee88ea1b1412cf109ee6b3828bc30d3a810c460db506ccfb2

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  13b97fc3dfb4e7e9483ba221ab5f15e4ae2bf28d1d4113d9044867c219b92bb8
- Size
  
  53KB
- MD5
  
  b74b6ed4bfa38f2d517546bf03a05d2b
- SHA1
  
  60e50e59a5199b1db12c85bf3394e9f9531f26c6
- SHA256
  
  13b97fc3dfb4e7e9483ba221ab5f15e4ae2bf28d1d4113d9044867c219b92bb8
- SHA512
  
  f6a528d68ce7d209d8032bb5612586e5b12d831ac4be4684847b351112650fff5cc5d11e37a2478ee88ea1b1412cf109ee6b3828bc30d3a810c460db506ccfb2
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomware