Extracted

Extracted

• • Target

    bfc93d4232acc31118a57d9fb366fea1629ec51315364dd08ba9f8f3ea6d6bec

  • Size

    50KB

  • MD5

    8317a3feec41bede500a125206540b69

  • SHA1

    9dc64cafedb266c40cc9064730ff0838e49b6a12

  • SHA256

    bfc93d4232acc31118a57d9fb366fea1629ec51315364dd08ba9f8f3ea6d6bec

  • SHA512

    faa06698bc69aa3a3eff91a3eed9ff7e92a83a5a34cc39265ff03b3deef9d9de6a50ccc95bbfbd805d5c5f60a1e42283dec63511924355100e451ce20a0a00d1

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2