General
-
Target
2947bfc106e73121901c99b5498e03aa89670ad36cccfe0e04b898ea296c60fb
-
Size
51KB
-
Sample
220211-hwwpeacbb5
-
MD5
2b7c3032acfb4bbb938084e179fc1f26
-
SHA1
ef79fbbf085dcd326a120fe126556c5bc61cd0f1
-
SHA256
2947bfc106e73121901c99b5498e03aa89670ad36cccfe0e04b898ea296c60fb
-
SHA512
b3e0f7cdebd96d21e3be4f2737fc5cada304b975e8ef3ff8153c2dd95da80c2657b61976100d9debbbfec1f56e9e3aeba7933654f7328e32046d6eaab52773b8
Static task
static1
Behavioral task
behavioral1
Sample
70fa0e970a0c29da67b5f1468996eecf7116256c2b7212fb6667b0fb92ad839d.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
70fa0e970a0c29da67b5f1468996eecf7116256c2b7212fb6667b0fb92ad839d.exe
Resource
win10v2004-en-20220113
Malware Config
Extracted
C:\read-me.txt
globeimposter
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
http://helpqvrg3cc5mvb3.onion/
Extracted
C:\read-me.txt
globeimposter
http://mmeeiix2ejdwkmseycljetmpiwebdvgjts75c63camjofn2cjdoulzqd.onion/?STAHYJUHGFV
http://helpqvrg3cc5mvb3.onion/
Targets
-
-
Target
70fa0e970a0c29da67b5f1468996eecf7116256c2b7212fb6667b0fb92ad839d.exe
-
Size
51KB
-
MD5
82f5dbbe1726bb9005072690b201aaac
-
SHA1
7aef263a300c999b2a3d7d459308db6fb1906790
-
SHA256
70fa0e970a0c29da67b5f1468996eecf7116256c2b7212fb6667b0fb92ad839d
-
SHA512
3cf95d7960fc2385041c1f51efe2180c1576ba191cd2699d36161d6740ffcb316f5db08d014404da426018341c0c60e14e22e1cb9bfed6d540ce657aaba85dcb
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-