General

  • Target

    01304bd638ed3fb82645b1487c019b32ebf21d867920a8d58bba605d5d15d31c

  • Size

    50KB

  • Sample

    220306-dlm73ahhc3

  • MD5

    339c00f5861c6381d0a66106f532bf0b

  • SHA1

    4e8f95b7170907c427652278ea8967b255651d14

  • SHA256

    01304bd638ed3fb82645b1487c019b32ebf21d867920a8d58bba605d5d15d31c

  • SHA512

    df30a9a428fd3d69b5ca0b97f2d736147efbe43326549a7427200a8a8bc835392ed43989b8e591e87034176195e538659b56fe7a86f3eb71fd8cfe8c4aa45338

Malware Config

Extracted

Path

C:\WERE_MY _FILES.txt

Family

globeimposter

Ransom Note

All your files are Encrypted!
For data recovery needs decryptor.
How to buy decryptor:
------------------------------------------------
create a ticket to any of these addresses
yip.su/2QstD5
cutt.ly/0htT0he
shorturl.at/GOY24
bit.ly/3399Ozf
------------------------------------------------
you can also attach a small cryptted file for a free test decrypt
Additional communication method
-------------------------------
1. Download Tor browser - httpps://www.torproject.org/
2. Install Tor browser
3. Open Tor Browser
4. Open link in TOR browser: http://helpqvrg3cc5mvb3.onion/
--------------------------------
You ID
URLs

httpps://www.torproject.org/

http://helpqvrg3cc5mvb3.onion/
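The two blocks above give analysts exactly two kinds of indicator: the sample's digests and the contact details embedded in the ransom note. Note that the report's URL list only contains the two scheme-prefixed links; the four bare short-links (yip.su, cutt.ly, shorturl.at, bit.ly) in the note body are not listed, and the torproject.org link is copied with the attacker's "httpps" typo. The following Python helper is an added example, not part of the sandbox output or of GlobeImposter: it verifies a local file against the published hashes and pulls every contact indicator out of the note text, including the bare short-links and the malformed scheme. The hash values and the note text are copied from this report; `hash_file` takes a caller-supplied path (the sample itself is not bundled here).

```python
"""Triage helper for the GlobeImposter report above (added example, not sandbox output)."""
import hashlib
import re
from typing import Dict, List

# Digests exactly as published in the report's General section.
REPORT_HASHES = {
    "md5": "339c00f5861c6381d0a66106f532bf0b",
    "sha1": "4e8f95b7170907c427652278ea8967b255651d14",
    "sha256": "01304bd638ed3fb82645b1487c019b32ebf21d867920a8d58bba605d5d15d31c",
    "sha512": "df30a9a428fd3d69b5ca0b97f2d736147efbe43326549a7427200a8a8bc835392ed43989b8e591e87034176195e538659b56fe7a86f3eb71fd8cfe8c4aa45338",
}

# Ransom note text copied from the report's Malware Config section (victim ID omitted).
RANSOM_NOTE = (
    "All your files are Encrypted! For data recovery needs decryptor. How to buy decryptor: "
    "------------------------------------------------ create a ticket to any of these addresses "
    "yip.su/2QstD5 cutt.ly/0htT0he shorturl.at/GOY24 bit.ly/3399Ozf "
    "------------------------------------------------ you can also attach a small cryptted file "
    "for a free test decrypt Additional communication method ------------------------------- "
    "1. Download Tor browser - httpps://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser "
    "4. Open link in TOR browser: http://helpqvrg3cc5mvb3.onion/ -------------------------------- You ID"
)


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Same as hash_bytes, streaming the file so large samples do not load whole."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_hashes(observed: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> List[str]:
    """Return the algorithms whose digests disagree (case-insensitive), sorted.

    An empty list means every published hash matches. A partial mismatch (say MD5 equal but
    SHA-256 different) means the published indicators are internally inconsistent and should
    not be trusted as-is."""
    return sorted(alg for alg, exp in expected.items()
                  if observed.get(alg, "").lower() != exp.lower())


# Scheme-prefixed URL; the scheme group is deliberately loose so typos like "httpps" are kept.
SCHEME_URL = re.compile(r"\b([a-z]{3,6})://([^\s/]+)(/[^\s]*)?", re.I)
# Bare host/path token as used for the shortener links (no scheme at all).
BARE_LINK = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})(/[A-Za-z0-9_-]+)", re.I)


def extract_contacts(note: str) -> Dict[str, List[str]]:
    """Pull every contact indicator out of a ransom note.

    Returns scheme URLs, bare short-links, .onion hosts, the de-duplicated host list for
    blocklisting, and any URL whose scheme is not plain http/https (so the typo is visible
    rather than silently normalised away)."""
    urls, short_links, onion_hosts, malformed, hosts = [], [], [], [], []

    def _consume(m: "re.Match[str]") -> str:
        scheme, host = m.group(1).lower(), m.group(2).lower()
        urls.append(m.group(0))
        hosts.append(host)
        if host.endswith(".onion"):
            onion_hosts.append(host)
        if scheme not in ("http", "https"):
            malformed.append(m.group(0))
        return " "  # blank the URL out so the bare-link pass cannot re-match its host

    remainder = SCHEME_URL.sub(_consume, note)
    for m in BARE_LINK.finditer(remainder):
        short_links.append(m.group(0))
        hosts.append(m.group(1).lower())

    return {
        "urls": urls,
        "short_links": short_links,
        "onion_hosts": onion_hosts,
        "hosts": sorted(set(hosts)),
        "malformed_scheme": malformed,
    }


if __name__ == "__main__":
    for key, vals in extract_contacts(RANSOM_NOTE).items():
        print(f"{key}: {vals}")
```

Run against the report's note this yields six hosts rather than the two the extractor listed; the short-link hosts are the ones worth adding to web-proxy alerting, since a victim following the note will resolve them first.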

Targets

    • Target

      01304bd638ed3fb82645b1487c019b32ebf21d867920a8d58bba605d5d15d31c

    • Size

      50KB

    • MD5

      339c00f5861c6381d0a66106f532bf0b

    • SHA1

      4e8f95b7170907c427652278ea8967b255651d14

    • SHA256

      01304bd638ed3fb82645b1487c019b32ebf21d867920a8d58bba605d5d15d31c

    • SHA512

      df30a9a428fd3d69b5ca0b97f2d736147efbe43326549a7427200a8a8bc835392ed43989b8e591e87034176195e538659b56fe7a86f3eb71fd8cfe8c4aa45338

    • GlobeImposter

      GlobeImposter is a ransomware family first seen in 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and browsing history.

    • Adds Run key to start application

      A Run key under the registry's CurrentVersion\Run path launches the binary at every logon, giving the sample persistence.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks