Extracted

• • Target

    f46d1ec2c56550f33b4f30f7f0763503b5a59e0004666de62c9483a0b4dfcac7

  • Size

    817KB

  • MD5

    04552db2a9d8be2843b2d03fee3772a5

  • SHA1

    5be03fb16f18a8ab2a911833e602cdcd2b2c34f5

  • SHA256

    f46d1ec2c56550f33b4f30f7f0763503b5a59e0004666de62c9483a0b4dfcac7

  • SHA512

    34b9c1aab0abb06b4c91d4a15b3c8e259e6dd6a134b00ff077969c01999ea13c50ae7144571121d93fcecd9c14e2b0f958ceaeae0b4ee61edf6d794cbbfecd5c

  • SSDEEP

    24576:6h/AKI2l60YNHkxjmGymEGsqMDxwg5+Ro:k/pXIExSKEZqM7e

  Score

  10^/10

  globeimposterpersistenceransomwarespywarestealer

  • GlobeImposter

    GlobeImposter is a ransomware first seen in 2017.

    ransomwareglobeimposter

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Suspicious use of SetThreadContext

  behavioral1