globeimposter | 680b68bf2f022aea080cc2a864e591538daa5bab2022f373db567ab436263ac2 | Triage

Sharing

General

Target

680b68bf2f022aea080cc2a864e591538daa5bab2022f373db567ab436263ac2
Size

53KB
Sample

220211-hlz9vacaa5
MD5

0774b1ee36f43ed2350e2bdd4bdb3f36
SHA1

148a2b59389a9bf6a2c3e3cb6de841529a52efa3
SHA256

680b68bf2f022aea080cc2a864e591538daa5bab2022f373db567ab436263ac2
SHA512

dfaec3926c6ab545832a59dd64e997f20fc32dca133187bcea1cede8fa6772c040a670b1ee694baae5cdf3747b4e4ce4512a76f1ae867aac977f1e32d0a40afa

Score

10^/10

globeimposter locky persistence ransomware

Malware Config

Targets

- Target
  
  680b68bf2f022aea080cc2a864e591538daa5bab2022f373db567ab436263ac2
- Size
  
  53KB
- MD5
  
  0774b1ee36f43ed2350e2bdd4bdb3f36
- SHA1
  
  148a2b59389a9bf6a2c3e3cb6de841529a52efa3
- SHA256
  
  680b68bf2f022aea080cc2a864e591538daa5bab2022f373db567ab436263ac2
- SHA512
  
  dfaec3926c6ab545832a59dd64e997f20fc32dca133187bcea1cede8fa6772c040a670b1ee694baae5cdf3747b4e4ce4512a76f1ae867aac977f1e32d0a40afa
Score

10^/10

globeimposter locky persistence ransomware
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterlockypersistenceransomware

behavioral2

globeimposterlockypersistenceransomware