Extracted

• • Target

    02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05

  • Size

    784KB

  • MD5

    a3358ec5693882fb9da9a031fcf74f97

  • SHA1

    c359edad98f3e3ee8c6133116e8c561f5ffe7aea

  • SHA256

    02a28057e6a382ceed0d6a0a5534220cc9e46746ebbf86b95dc8ecccc93cdd05

  • SHA512

    8a42711b2c82ff587a94be1b836073214b75779b05ab6c68576079f50b94dc9387b9854c633baec3583619d46e875ce0807fd08049e5d5523d906b07b2e02b33

  • SSDEEP

    12288:NPprdT9bQ8dZpI0+64M++I8QX7BIXVpQWsNTADQjL9QWi8pVrc1NfpHsVfdc:nQ8Wht+IJXzTRjJQJ8phcO

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2