General
-
Target
8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b.exe
-
Size
169KB
-
Sample
230108-pmrsesde74
-
MD5
c99e32fb49a2671a6136535c6537c4d7
-
SHA1
ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f
-
SHA256
8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b
-
SHA512
ad77caa95954281cdb11239e832953a5c256981b2bc12fe48029ae002bd49c2715108bdf80a45f6aad459a110fa952cbb87fcae09ff23c79e2845a4296067257
-
SSDEEP
3072:Z1E/rS2paccKntcIaKZEKIOjWqGxaTga0rIJ2SEguMG6NTCJAEhRP7ym6VwM1E6x:Z1on2KvuxaUa0NtgdTgXDTOpRh
Malware Config
Targets
-
-
Target
8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b.exe
-
Size
169KB
-
MD5
c99e32fb49a2671a6136535c6537c4d7
-
SHA1
ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f
-
SHA256
8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b
-
SHA512
ad77caa95954281cdb11239e832953a5c256981b2bc12fe48029ae002bd49c2715108bdf80a45f6aad459a110fa952cbb87fcae09ff23c79e2845a4296067257
-
SSDEEP
3072:Z1E/rS2paccKntcIaKZEKIOjWqGxaTga0rIJ2SEguMG6NTCJAEhRP7ym6VwM1E6x:Z1on2KvuxaUa0NtgdTgXDTOpRh
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-