General
-
Target
31500fe985cc88fd31f0d40b6a063215cbf06bbf05d32874114ff242b397c570
-
Size
53KB
-
Sample
220211-hv18hacba8
-
MD5
49105ba2250df1a9a3b91c909f029169
-
SHA1
9ac66e5044fb111bec366a33266c20ab5a19353e
-
SHA256
31500fe985cc88fd31f0d40b6a063215cbf06bbf05d32874114ff242b397c570
-
SHA512
04853bde5c8e94990bcd308f02b20d95b59e11143acb21dd96b9ccc9e7fb4554983245903cc887fdd65e20645f4b37c1f4749844fe83085b0e583a9f67244715
Malware Config
Targets
-
-
Target
31500fe985cc88fd31f0d40b6a063215cbf06bbf05d32874114ff242b397c570
-
Size
53KB
-
MD5
49105ba2250df1a9a3b91c909f029169
-
SHA1
9ac66e5044fb111bec366a33266c20ab5a19353e
-
SHA256
31500fe985cc88fd31f0d40b6a063215cbf06bbf05d32874114ff242b397c570
-
SHA512
04853bde5c8e94990bcd308f02b20d95b59e11143acb21dd96b9ccc9e7fb4554983245903cc887fdd65e20645f4b37c1f4749844fe83085b0e583a9f67244715
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-