General
-
Target
f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b
-
Size
53KB
-
Sample
230225-ftf5tscc47
-
MD5
d3455af45341d4569fac4127ad4490c0
-
SHA1
7fe6c8cb118bc4bd479494be578f55131cba7523
-
SHA256
f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b
-
SHA512
05d57fb35614ee6d75d3a36bad76bdba9e4cbd2cb60dce481c560c85523077ba2a755b96ecef073e5d4b85ee39c67b98b40cb68b99b1239cde7ac6bd6952bcf2
-
SSDEEP
768:Ppsvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5kpq/gQF:ReeytM3alnawrRIwxVSHMweio3alQF
Malware Config
Targets
-
-
Target
f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b
-
Size
53KB
-
MD5
d3455af45341d4569fac4127ad4490c0
-
SHA1
7fe6c8cb118bc4bd479494be578f55131cba7523
-
SHA256
f433f2bb54439aef2f42823d954bcd61a7b3e537b220cc7f8028ab49faa5c01b
-
SHA512
05d57fb35614ee6d75d3a36bad76bdba9e4cbd2cb60dce481c560c85523077ba2a755b96ecef073e5d4b85ee39c67b98b40cb68b99b1239cde7ac6bd6952bcf2
-
SSDEEP
768:Ppsvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5kpq/gQF:ReeytM3alnawrRIwxVSHMweio3alQF
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-