globeimposter | c17adb4d8862114d6c22dc344143e0f2645b8ae1220a994bafa86b9ada9a99d3 | Triage

Sharing

General

Target

c17adb4d8862114d6c22dc344143e0f2645b8ae1220a994bafa86b9ada9a99d3
Size

53KB
Sample

220211-hbhbaabha2
MD5

aa3959df901da3c685505e23791f7875
SHA1

2933e04323a242c1bfbcd0bfac1124c4dd48555e
SHA256

c17adb4d8862114d6c22dc344143e0f2645b8ae1220a994bafa86b9ada9a99d3
SHA512

3f3876e197fdc2bdf124e3f07f295e342fc80c23523a0deacf3e8103b29bc7a5c5b45b4070f3e8ee251e09d4947ad7069f24384c049ecbffdfa49a26f4322aff

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  c17adb4d8862114d6c22dc344143e0f2645b8ae1220a994bafa86b9ada9a99d3
- Size
  
  53KB
- MD5
  
  aa3959df901da3c685505e23791f7875
- SHA1
  
  2933e04323a242c1bfbcd0bfac1124c4dd48555e
- SHA256
  
  c17adb4d8862114d6c22dc344143e0f2645b8ae1220a994bafa86b9ada9a99d3
- SHA512
  
  3f3876e197fdc2bdf124e3f07f295e342fc80c23523a0deacf3e8103b29bc7a5c5b45b4070f3e8ee251e09d4947ad7069f24384c049ecbffdfa49a26f4322aff
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomware