globeimposter | bba191410c6f9a73147dddd0210332257a9390e26c9bc7766911fa1230447703 | Triage

Sharing

General

Target

bba191410c6f9a73147dddd0210332257a9390e26c9bc7766911fa1230447703
Size

53KB
Sample

220211-hb841abha6
MD5

c26a2f973f15c958ef3aee80c9d403b7
SHA1

a7e73b27a21dbf0bbada481ca30c24bed32da259
SHA256

bba191410c6f9a73147dddd0210332257a9390e26c9bc7766911fa1230447703
SHA512

917b7020a7f7b66b6880dc81c8661f10a666dd3d77a185fe7847a56da77fc31ed94a3ee71a15c599adb04d4f716e849bcc66f351ac8c5eaed2c827a2296c24f8

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  bba191410c6f9a73147dddd0210332257a9390e26c9bc7766911fa1230447703
- Size
  
  53KB
- MD5
  
  c26a2f973f15c958ef3aee80c9d403b7
- SHA1
  
  a7e73b27a21dbf0bbada481ca30c24bed32da259
- SHA256
  
  bba191410c6f9a73147dddd0210332257a9390e26c9bc7766911fa1230447703
- SHA512
  
  917b7020a7f7b66b6880dc81c8661f10a666dd3d77a185fe7847a56da77fc31ed94a3ee71a15c599adb04d4f716e849bcc66f351ac8c5eaed2c827a2296c24f8
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomware