Extracted

Extracted

• • Target

    28644496493462629e22aeebb030e2536dbdaccdaee4dd782106f3b5099e897e

  • Size

    106KB

  • MD5

    0734b966a27e64eaeff718b18e469f6e

  • SHA1

    8214a6f9ac0c5c4ad4830b6829f2811a2dcfefe0

  • SHA256

    28644496493462629e22aeebb030e2536dbdaccdaee4dd782106f3b5099e897e

  • SHA512

    8a8c46890516e3e34be1de04a24720af96c217c472e133568b7220a191bab5560a9008aeb3d2c9239634295896ef237502c92cbe1fcfc51c76ce0adfbe73e063

  Score

  10^/10

  globeimposterlockbitpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  behavioral1behavioral2