Extracted

Extracted

• • Target

    359dba8d2718cae69e16a4dbb97bd01673d65efc5715ea935ce395679ee3516a

  • Size

    471KB

  • MD5

    68ae1cfdc0b53730b7ad43781155e598

  • SHA1

    fb4b60e97cb4445957d74de46b842e7d51ae950c

  • SHA256

    359dba8d2718cae69e16a4dbb97bd01673d65efc5715ea935ce395679ee3516a

  • SHA512

    0dbf148442cee19da08d6a5033013098e75f31c79057d2b2a76e43bfbde6e60aba495d12aeb69be31eb60c8e20e48256e93f62e0e4453c573d240fb37db710f7

  Score

  10^/10

  globeimposterlockbitpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2