Extracted

Extracted

• • Target

    5cd02ef954d51126f01144c77a353c9362accc62c56a0292e5bb29e0a58901b2

  • Size

    528KB

  • MD5

    22dce5b7daed8cfb14aa9e8e7eed1d2f

  • SHA1

    ad04ba678cdc09526804c6f2a6341b221c9ac73f

  • SHA256

    5cd02ef954d51126f01144c77a353c9362accc62c56a0292e5bb29e0a58901b2

  • SHA512

    64cd8f6c65f31e8a6e7db7a9dbb892f36b553ccdf7f4327f06148fd93fc2e50228351b99318daf2512aa00d901791d1b3c997d291a17ade5eb2ffaf224069f09

  Score

  10^/10

  globeimposterlockbitpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2