globeimposter | 5ce524f15b8af68710ce37d50369cd98f02af2a9686d8c8354ae8bcd012ac656 | Triage

Sharing

General

Target

5ce524f15b8af68710ce37d50369cd98f02af2a9686d8c8354ae8bcd012ac656
Size

182KB
Sample

220801-fm4bsabhgl
MD5

24d15acb44fbd11df27da3d21facddbf
SHA1

4b44fa8494ae5d364f65bad738d24086ec0fc9df
SHA256

5ce524f15b8af68710ce37d50369cd98f02af2a9686d8c8354ae8bcd012ac656
SHA512

59b931faca67e3d1ecc6366ca0636bcd9988d7d09b731a58dacb683b0e96e62d665770e01ccabbb33bad5907517090a6e4aa6d583892f8378164e182589e20b9

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  5ce524f15b8af68710ce37d50369cd98f02af2a9686d8c8354ae8bcd012ac656
- Size
  
  182KB
- MD5
  
  24d15acb44fbd11df27da3d21facddbf
- SHA1
  
  4b44fa8494ae5d364f65bad738d24086ec0fc9df
- SHA256
  
  5ce524f15b8af68710ce37d50369cd98f02af2a9686d8c8354ae8bcd012ac656
- SHA512
  
  59b931faca67e3d1ecc6366ca0636bcd9988d7d09b731a58dacb683b0e96e62d665770e01ccabbb33bad5907517090a6e4aa6d583892f8378164e182589e20b9
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer

behavioral2

globeimposterpersistenceransomwarespywarestealer