General
-
Target
202409275709e6e2c04703a779bef68714cd5305globeimposter
-
Size
53KB
-
Sample
240927-n1mvystdmd
-
MD5
5709e6e2c04703a779bef68714cd5305
-
SHA1
cb6999e0d01f205fb58f21acd625d11dd986f8cd
-
SHA256
32bf1d17adf782b65621c1ec19414dbdd65c94996ab6a133c69a259ec327b7c4
-
SHA512
72a8892aae280cae6a509af96c146e62c53258e505d47a0b6e34620a334478a381b01bdf3704e83e1746fe4b176fc017ec694e5bc0c91587b4fd9f8d3b05321c
-
SSDEEP
1536:3oQeytM3alnawrRIwxVSHMweio3m3EvI:4Qey23alnaEIN/Wm3G
Static task
static1
Behavioral task
behavioral1
Sample
202409275709e6e2c04703a779bef68714cd5305globeimposter.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
202409275709e6e2c04703a779bef68714cd5305globeimposter.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
202409275709e6e2c04703a779bef68714cd5305globeimposter
-
Size
53KB
-
MD5
5709e6e2c04703a779bef68714cd5305
-
SHA1
cb6999e0d01f205fb58f21acd625d11dd986f8cd
-
SHA256
32bf1d17adf782b65621c1ec19414dbdd65c94996ab6a133c69a259ec327b7c4
-
SHA512
72a8892aae280cae6a509af96c146e62c53258e505d47a0b6e34620a334478a381b01bdf3704e83e1746fe4b176fc017ec694e5bc0c91587b4fd9f8d3b05321c
-
SSDEEP
1536:3oQeytM3alnawrRIwxVSHMweio3m3EvI:4Qey23alnaEIN/Wm3G
-
Renames multiple (6467) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1