Extracted

Extracted

• • Target

    491682e4990a7cca7b5ea6d82fe56cb030023a5a497a9a73a733ac89ea5c68c7

  • Size

    50KB

  • MD5

    656ee1e1c5e105e256835db00b7c6e2d

  • SHA1

    6f5340a175ea4b285787b38575a0073cd30af79f

  • SHA256

    491682e4990a7cca7b5ea6d82fe56cb030023a5a497a9a73a733ac89ea5c68c7

  • SHA512

    30f22b2fd87e8fee932fc435762d210afb5cec1b694782f874d893da230f838e45e633999a1cc503b68816ca5f811d06685f2c050bf7a2da68eb23bfcbe74806

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2