globeimposter | 7375b2047d519fffcbe1191522efbf73dcda6073a4fc9b77f01f009c437a2fe8 | Triage

Resubmissions

18-08-2022 13:44

220818-q18hrsaca7 10

30-03-2022 09:01

220330-ky21bafbdq 10

Sharing

General

Target

bomani2.exe
Size

56KB
Sample

220818-q18hrsaca7
MD5

cadf573e4ca120639a1e5484e985938d
SHA1

ff0d09efbb1495982073291351a81de59e2c3c0d
SHA256

7375b2047d519fffcbe1191522efbf73dcda6073a4fc9b77f01f009c437a2fe8
SHA512

a8496afe762828b23f3568c49954a7c84c2390e0b2d2bb54c141fa9af2db390fd1f0a7582a006ed2b315fd074e4a2268bfdc52a1923f1a28e706000db92015ef
SSDEEP

1536:gmPeytM3alnawrRIwxVSHMweio3yHLBCo:pPey23alnaEIN/WyHLBCo

Score

10^/10

globeimposter persistence ransomware spyware stealer

Malware Config

Targets

- Target
  
  bomani2.exe
- Size
  
  56KB
- MD5
  
  cadf573e4ca120639a1e5484e985938d
- SHA1
  
  ff0d09efbb1495982073291351a81de59e2c3c0d
- SHA256
  
  7375b2047d519fffcbe1191522efbf73dcda6073a4fc9b77f01f009c437a2fe8
- SHA512
  
  a8496afe762828b23f3568c49954a7c84c2390e0b2d2bb54c141fa9af2db390fd1f0a7582a006ed2b315fd074e4a2268bfdc52a1923f1a28e706000db92015ef
- SSDEEP
  
  1536:gmPeytM3alnawrRIwxVSHMweio3yHLBCo:pPey23alnaEIN/WyHLBCo
Score

10^/10

globeimposter persistence ransomware spyware stealer
- GlobeImposter
  GlobeImposter is a ransomware first seen in 2017.
  ransomware globeimposter
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

globeimposterpersistenceransomwarespywarestealer