Extracted

Extracted

• • Target

    file.exe

  • Size

    646KB

  • MD5

    fac0564b69ab03050cf82098f98317e1

  • SHA1

    01d6d9b1acd7c97ddf53fe704bfdd7a587f8884f

  • SHA256

    3d8b538a62473db2cd132f6eded5ba1c81c1d04702a40399a702c514247c12dc

  • SHA512

    31723a2f2e90486ba567a7875a406ff548449966a9beb3b795761859f1c4a5b5950c92946d3c74d6d4410057c03d6c22d3bce1710a7099af35fd1d5eee14feb7

  • SSDEEP

    12288:n/fHh2vI2amObUyGDWC7V3zuemBkCljzJVYPzzHuuf9F/Xriz5yP:n/pBmObUXDFykChJVszzH9z/7iz5yP

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1behavioral2