General
-
Target
2024-06-14_a8eca3e966b26811c05b1824931a4049_globeimposter
-
Size
53KB
-
Sample
240614-r3q7yavdre
-
MD5
a8eca3e966b26811c05b1824931a4049
-
SHA1
300bbee88bdf3244c4aeec592764c00f3c011698
-
SHA256
b4cb77890f8ce75b538ba09ceea0c1ca38089b188396c7ee3bccc14e2937c218
-
SHA512
c0740f6eb94f8b732e16c41d7b65155056073ae29e8d814ee2ce156c4f4fb37c85c714a7768931da28efb1deead8e10920480d644777282da34c0ea6ec0f7925
-
SSDEEP
1536:BjkfV+KJolntwrbDSTWvTwhQMhmpdLZT:B4fIKJolntGDT5qm3LZT
Malware Config
Targets
-
-
Target
2024-06-14_a8eca3e966b26811c05b1824931a4049_globeimposter
-
Size
53KB
-
MD5
a8eca3e966b26811c05b1824931a4049
-
SHA1
300bbee88bdf3244c4aeec592764c00f3c011698
-
SHA256
b4cb77890f8ce75b538ba09ceea0c1ca38089b188396c7ee3bccc14e2937c218
-
SHA512
c0740f6eb94f8b732e16c41d7b65155056073ae29e8d814ee2ce156c4f4fb37c85c714a7768931da28efb1deead8e10920480d644777282da34c0ea6ec0f7925
-
SSDEEP
1536:BjkfV+KJolntwrbDSTWvTwhQMhmpdLZT:B4fIKJolntGDT5qm3LZT
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Renames multiple (7095) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops file in Drivers directory
-
Manipulates Digital Signatures
Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in System32 directory
-