General

  • Target

    8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b.exe

  • Size

    169KB

  • Sample

    230112-3l7n5sfd6y

  • MD5

    c99e32fb49a2671a6136535c6537c4d7

  • SHA1

    ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f

  • SHA256

    8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b

  • SHA512

    ad77caa95954281cdb11239e832953a5c256981b2bc12fe48029ae002bd49c2715108bdf80a45f6aad459a110fa952cbb87fcae09ff23c79e2845a4296067257

  • SSDEEP

    3072:Z1E/rS2paccKntcIaKZEKIOjWqGxaTga0rIJ2SEguMG6NTCJAEhRP7ym6VwM1E6x:Z1on2KvuxaUa0NtgdTgXDTOpRh

Malware Config

Targets

    • Target

      8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b.exe

    • Size

      169KB

    • MD5

      c99e32fb49a2671a6136535c6537c4d7

    • SHA1

      ada9bcb3da63e7b989b279fb6c3bc9fe7ff7b41f

    • SHA256

      8808e4e220fcda37bdb05b703e86053f88a6ebd68037d37ef89754c459d7ad2b

    • SHA512

      ad77caa95954281cdb11239e832953a5c256981b2bc12fe48029ae002bd49c2715108bdf80a45f6aad459a110fa952cbb87fcae09ff23c79e2845a4296067257

    • SSDEEP

      3072:Z1E/rS2paccKntcIaKZEKIOjWqGxaTga0rIJ2SEguMG6NTCJAEhRP7ym6VwM1E6x:Z1on2KvuxaUa0NtgdTgXDTOpRh

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks