globeimposter | 022faf1fa8b722ca8b72965632bfd9f1af6a210b9f46c1bcdcfe5222130266af | Triage

Sharing

General

Target

022faf1fa8b722ca8b72965632bfd9f1af6a210b9f46c1bcdcfe5222130266af
Size

53KB
Sample

220211-h2163sdhgj
MD5

6941266d82679a638c3eefa54d461280
SHA1

a0b5d4e2997415f4e477c840cdd9144f9d63e0bc
SHA256

022faf1fa8b722ca8b72965632bfd9f1af6a210b9f46c1bcdcfe5222130266af
SHA512

a8649a6ad1737337be993231ec7f5b45b6ba07e4399c7707895ef830e79183dcad5fd468fa4bf293e2764e6b25dd605f28e93ef584691bd37fff958865662c7d

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  022faf1fa8b722ca8b72965632bfd9f1af6a210b9f46c1bcdcfe5222130266af
- Size
  
  53KB
- MD5
  
  6941266d82679a638c3eefa54d461280
- SHA1
  
  a0b5d4e2997415f4e477c840cdd9144f9d63e0bc
- SHA256
  
  022faf1fa8b722ca8b72965632bfd9f1af6a210b9f46c1bcdcfe5222130266af
- SHA512
  
  a8649a6ad1737337be993231ec7f5b45b6ba07e4399c7707895ef830e79183dcad5fd468fa4bf293e2764e6b25dd605f28e93ef584691bd37fff958865662c7d
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomware