General

  • Target

    1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539

  • Size

    53KB

  • Sample

    230127-l1tx6aab57

  • MD5

    7791c18c9d4a94d80a7928644937c070

  • SHA1

    41fca79af1747a862864d2c9114648d6f5404bed

  • SHA256

    1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539

  • SHA512

    81043a21b0e0588b3594210b2339c656d994b72b2787da68a5f433992e054c2bec961e4403997ec846f38862c15a1ff6c5f9faece1b122e838baec759e14f012

  • SSDEEP

    768:XZvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5VmXOt:XZeytM3alnawrRIwxVSHMweio3xt

Malware Config

Targets

    • Target

      1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539

    • Size

      53KB

    • MD5

      7791c18c9d4a94d80a7928644937c070

    • SHA1

      41fca79af1747a862864d2c9114648d6f5404bed

    • SHA256

      1c2d5cccca58b469351980895c8a2080c8346de09c2f1ab7a123deb3d3e4a539

    • SHA512

      81043a21b0e0588b3594210b2339c656d994b72b2787da68a5f433992e054c2bec961e4403997ec846f38862c15a1ff6c5f9faece1b122e838baec759e14f012

    • SSDEEP

      768:XZvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5VmXOt:XZeytM3alnawrRIwxVSHMweio3xt

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks