Extracted

Extracted

• • Target

    350542a03ae2eab2f12f6f61abf925e2.exe

  • Size

    463KB

  • MD5

    350542a03ae2eab2f12f6f61abf925e2

  • SHA1

    b943c338607b82fcf72d398ebb317731b5c267c1

  • SHA256

    42cf8f16f7a65509a5916cd1f0b25d6192749965fe5ee32c63428cb8f63c6a75

  • SHA512

    cba2429d51c436c3a1f18bbd28a5a625810c3c11321648ac0ccbb47a511eed1c0818adbe31e3a0c2d074559044ca5536a9a92de1da1f327c923fa070a9ad6cc2

  • SSDEEP

    12288:UxkzrbETClw86ZILRaflV8jN69EpHskFgFwIyXCD:d76CxYP8j89ExskFgqIyX

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2