Analysis

  • max time kernel
    170s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    11-02-2022 06:48

General

  • Target

    75e6ef66914b9e180f649e42055de192163266c84072562a74eddda03437f4ac.exe

  • Size

    52KB

  • MD5

    6a1eb94548ad075353d7e55826ad15a4

  • SHA1

    7719bc9194ddbfb1a496e8a15827592a5e371a14

  • SHA256

    75e6ef66914b9e180f649e42055de192163266c84072562a74eddda03437f4ac

  • SHA512

    37da482e3c71ee824c10f05d4d25ad6120e99dbf614c311c1743c108b5cce61da376709938fc1fe0cfed726568e6d071b64ffec5c22247a66dda170a4fcda9f2

Malware Config

Extracted

Path

C:\instructions.html

Ransom Note
-----BEGIN PERSONAL IDENTIFIER-----
5E 4E 06 15 5A 1B 58 AB 3C E9 E6 6B 13 20 C1 C4 2C FE 37 E1 FD 14 FD D0 74 BD EC 0E E5 AD DE 23 79 CF 6A A4 EE 07 D1 AF 1A 3A A1 1B BE E1 44 8B F0 1D ED A7 56 6F 5C C4 A5 A0 BE DB FE 58 AF F7 F6 53 6A A1 68 30 B6 F3 7B 31 3A B5 4C 86 A3 29 04 A5 C6 30 E9 69 61 47 97 73 D5 BC 96 4E 59 A7 27 CA DF 68 31 C1 33 11 A2 16 47 20 A6 29 61 7C 26 D2 A2 4A B1 F9 E1 A5 3F 65 77 45 18 EF 94 0C A9 8E 15 0E 7E 42 A7 AA F9 21 88 C8 B5 C0 CD 12 CF 5E 02 AB 04 C5 E5 3F 1F F2 CD E3 FF DC 82 EB BB 16 4F E8 26 C6 50 A4 8D BC C4 F3 5F E8 27 56 64 22 94 7E 35 44 CD 00 65 2B 26 93 36 AC C2 5B C0 64 DF 14 DC 52 46 30 11 7A 22 7B D1 70 06 2E 6E D4 F8 53 E4 2C CB D3 45 C6 D3 AF 1C 2D 87 A4 5C 7A 47 D2 AB 14 F7 37 1B D2 09 F4 96 17 CE EE CF 60 AD B7 E1 B8 E9 29 4E BB 71 2E 31 39 0C 7D
-----END PERSONAL IDENTIFIER-----

All your files have been encrypted due to a security problem with your PC.
Now you should send us email with your personal identifier.
This email will be as confirmation you are ready to pay for decryption key.
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.

Contact us using this email address: [email protected]

Free decryption as guarantee!
Before paying you can send us up to 3 files for free decryption.
Files should not contain valuable information (databases, backups, large excel sheets, etc.).

How to obtain Bitcoins?

  * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price:
    https://localbitcoins.com/buy_bitcoins
  * Also you can find other places to buy Bitcoins and beginners guide here:
    http://www.coindesk.com/information/how-can-i-buy-bitcoins

Attention!

  * Do not rename encrypted files.
  * Do not try to decrypt your data using third party software, it may cause permanent data loss.
  * Do not try decryption of your files with the help of third parties. You can become a victim of a scam.

Signatures

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops desktop.ini file(s) 20 IoCs
  • Drops file in Windows directory 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75e6ef66914b9e180f649e42055de192163266c84072562a74eddda03437f4ac.exe
    "C:\Users\Admin\AppData\Local\Temp\75e6ef66914b9e180f649e42055de192163266c84072562a74eddda03437f4ac.exe"
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    PID:4696
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:620

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/620-130-0x00000226E8950000-0x00000226E8960000-memory.dmp

    Filesize

    64KB

  • memory/620-131-0x00000226E9020000-0x00000226E9030000-memory.dmp

    Filesize

    64KB

  • memory/620-132-0x00000226EB6D0000-0x00000226EB6D4000-memory.dmp

    Filesize

    16KB