General

  • Target

    f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b.exe

  • Size

    53KB

  • Sample

    230225-fs5f2aca61

  • MD5

    d3455af45341d4569fac4127ad4490c0

  • SHA1

    7fe6c8cb118bc4bd479494be578f55131cba7523

  • SHA256

    f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b

  • SHA512

    05d57fb35614ee6d75d3a36bad76bdba9e4cbd2cb60dce481c560c85523077ba2a755b96ecef073e5d4b85ee39c67b98b40cb68b99b1239cde7ac6bd6952bcf2

  • SSDEEP

    768:Ppsvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5kpq/gQF:ReeytM3alnawrRIwxVSHMweio3alQF

Malware Config

Targets

    • Target

      f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b.exe

    • GlobeImposter

      GlobeImposter is a ransomware family first seen in 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Adds Run key to start application

    • Drops desktop.ini file(s)
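
The behaviour signatures listed above (extension changes on user files, Run key persistence, desktop.ini drops, browser profile reads) are the kind of checks a sandbox evaluates over its file and registry event trace. The script below is an added example, not the sandbox's own rule engine and not code from this report: it runs equivalent checks over a constructed, simplified tab-separated event log. The log format, the sample events, the registry and browser-path patterns, and the three-file threshold for the extension check are all assumptions made for this illustration.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample log (illustrative data, not sandbox output): one event per
# line, tab-separated as "<event>\t<path or registry key>[\t<new path or value>]".
SAMPLE_LOG = """\
rename\tC:\\Users\\Admin\\Documents\\report.docx\tC:\\Users\\Admin\\Documents\\report.docx.crypt
rename\tC:\\Users\\Admin\\Pictures\\holiday.jpg\tC:\\Users\\Admin\\Pictures\\holiday.jpg.crypt
rename\tC:\\Users\\Admin\\Desktop\\notes.txt\tC:\\Users\\Admin\\Desktop\\notes.txt.crypt
rename\tC:\\Users\\Admin\\Music\\song.mp3\tC:\\Users\\Admin\\Music\\song.mp3.crypt
rename\tC:\\Users\\Admin\\AppData\\Local\\Temp\\old.tmp\tC:\\Users\\Admin\\AppData\\Local\\Temp\\new.tmp
create\tC:\\Users\\Admin\\Documents\\desktop.ini
create\tC:\\Users\\Admin\\Pictures\\desktop.ini
regset\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater\tC:\\Users\\Admin\\AppData\\Roaming\\updater.exe
read\tC:\\Users\\Admin\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data
read\tC:\\Users\\Admin\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1y2.default\\logins.json
"""

# Assumed patterns: autostart keys under HKCU/HKLM (including the WOW64 view)
# and the profile directories of a few common browsers.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
BROWSER_DATA_RE = re.compile(
    r"\\(?:Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\"
    r"|\\Mozilla\\Firefox\\Profiles\\",
    re.IGNORECASE,
)


def parse_events(log_text):
    """Split the log into (event, path, extra) triples; extra is '' when absent."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        extra = parts[2] if len(parts) > 2 else ""
        events.append((parts[0], parts[1], extra))
    return events


def is_user_file(path):
    """True for paths under a user profile but outside AppData (documents, pictures, ...)."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return len(parts) > 3 and parts[1] == "users" and "appdata" not in parts


def extension_changes(events, min_files=3):
    """'Modifies extensions of user files': renames under the profile whose extension
    changes; also tallies the extension appended, which is the ransomware marker."""
    appended = Counter()
    changed = 0
    for event, old, new in events:
        if event != "rename" or not is_user_file(old):
            continue
        old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
        if old_p.suffix.lower() == new_p.suffix.lower():
            continue  # same extension: an ordinary rename, not an encryption marker
        changed += 1
        if new_p.name.lower().startswith(old_p.name.lower() + "."):
            appended[new_p.name[len(old_p.name):]] += 1
    return {"hit": changed >= min_files, "changed": changed, "appended": dict(appended)}


def run_key_additions(events):
    """'Adds Run key to start application': registry writes under a Run/RunOnce key."""
    return [(key, value) for event, key, value in events
            if event == "regset" and RUN_KEY_RE.search(key)]


def desktop_ini_drops(events):
    """'Drops desktop.ini file(s)': desktop.ini files created by the sample."""
    return [path for event, path, _ in events
            if event == "create" and PureWindowsPath(path).name.lower() == "desktop.ini"]


def browser_profile_reads(events):
    """'Reads user/profile data of web browsers': reads inside known profile stores."""
    return [path for event, path, _ in events
            if event == "read" and BROWSER_DATA_RE.search(path)]


def evaluate(log_text):
    """Run every check and return the evidence behind each signature."""
    events = parse_events(log_text)
    return {
        "modifies_user_file_extensions": extension_changes(events),
        "adds_run_key": run_key_additions(events),
        "drops_desktop_ini": desktop_ini_drops(events),
        "reads_browser_profile_data": browser_profile_reads(events),
    }


if __name__ == "__main__":
    for name, result in evaluate(SAMPLE_LOG).items():
        print(f"{name}: {result}")
```

The extension check deliberately ignores renames that keep the same extension and renames under AppData, so ordinary temp-file churn does not trip it; on real traces, tune the threshold and the path filters to the sandbox's volume of benign activity, and treat a single appended extension across many files as the strongest signal.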

MITRE ATT&CK Enterprise v6

Tasks