General
-
Target
2c5612a412f7b73046bbb37b96d8164b7c909b98bbef2e69546d747bc41305e6
-
Size
50KB
-
Sample
220211-hwmrhacbb4
-
MD5
1af70fedf61539851e4040394369173b
-
SHA1
20e3dd1542c89e1a6a5cdf6bddab16374c1b2015
-
SHA256
2c5612a412f7b73046bbb37b96d8164b7c909b98bbef2e69546d747bc41305e6
-
SHA512
c09ad8d3f66449c1659794b7f0906f79914a0ada58dedd969ba365d92d9773fc3214416f9f75903a8a6760145e622af0dda11880b7d06187ce5eb69f94f740ad
Static task
static1
Behavioral task
behavioral1
Sample
2c5612a412f7b73046bbb37b96d8164b7c909b98bbef2e69546d747bc41305e6.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
2c5612a412f7b73046bbb37b96d8164b7c909b98bbef2e69546d747bc41305e6.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\read-me.txt
globeimposter
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
http://helpqvrg3cc5mvb3.onion/
Targets
-
Target
2c5612a412f7b73046bbb37b96d8164b7c909b98bbef2e69546d747bc41305e6
Score
10/10
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-