globeimposter | 492ebfcedbaf4538da77117d75496395f70e8ac1becaf4c0cde93cc07de6b337 | Triage

Sharing

General

Target

492ebfcedbaf4538da77117d75496395f70e8ac1becaf4c0cde93cc07de6b337
Size

66KB
Sample

220211-hrqbtsdgbr
MD5

d923bd5e780810959661a7823a1b1d3c
SHA1

2aeaba004e51e4eab8ca0c529af5ba1e8cee7355
SHA256

492ebfcedbaf4538da77117d75496395f70e8ac1becaf4c0cde93cc07de6b337
SHA512

125f26647e03aaf58f651162e31943929a991d90b2ec9c3a112b7eb2b8b9e5c4164509ef122e69b3c0b3a74fa951885f7fd2f8d8463f1f69380c6190bb19cc8d

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  492ebfcedbaf4538da77117d75496395f70e8ac1becaf4c0cde93cc07de6b337
- Size
  
  66KB
- MD5
  
  d923bd5e780810959661a7823a1b1d3c
- SHA1
  
  2aeaba004e51e4eab8ca0c529af5ba1e8cee7355
- SHA256
  
  492ebfcedbaf4538da77117d75496395f70e8ac1becaf4c0cde93cc07de6b337
- SHA512
  
  125f26647e03aaf58f651162e31943929a991d90b2ec9c3a112b7eb2b8b9e5c4164509ef122e69b3c0b3a74fa951885f7fd2f8d8463f1f69380c6190bb19cc8d
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomwarespywarestealer