General
-
Target
abd067159e47fc8d1b28f5c2832f01062ff1e4fefb4513ac07a0f9e6042f2f2c
-
Size
53KB
-
Sample
220211-hekktadefn
-
MD5
40251f80f5f18e5d33f915a8e02df352
-
SHA1
5c6eff5eb5f47d6d5585b7b81f46a505971dff84
-
SHA256
abd067159e47fc8d1b28f5c2832f01062ff1e4fefb4513ac07a0f9e6042f2f2c
-
SHA512
d5ff3c2ab2de28ea31792246244b3525553e75b307b4a9ac4716a1481e08faf947760f03548052f9edacaa61a0a7647fd592a20edd617d23c854580114623330
Malware Config
Targets
-
-
Target
abd067159e47fc8d1b28f5c2832f01062ff1e4fefb4513ac07a0f9e6042f2f2c
-
Size
53KB
-
MD5
40251f80f5f18e5d33f915a8e02df352
-
SHA1
5c6eff5eb5f47d6d5585b7b81f46a505971dff84
-
SHA256
abd067159e47fc8d1b28f5c2832f01062ff1e4fefb4513ac07a0f9e6042f2f2c
-
SHA512
d5ff3c2ab2de28ea31792246244b3525553e75b307b4a9ac4716a1481e08faf947760f03548052f9edacaa61a0a7647fd592a20edd617d23c854580114623330
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-