Overview

overview

10

Static

static

3

fcbe45d42b...18.exe

windows7-x64

10

fcbe45d42b...18.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcbe45d42b2134331496c74fca78aef9_JaffaCakes118

  • Size

    420KB

  • Sample

    240928-vfzgkswelr

  • MD5

    fcbe45d42b2134331496c74fca78aef9

  • SHA1

    d91d93a90cd5110b44533c068031c1cd0a8372a8

  • SHA256

    e1b14fc4d2cc073d99db38053c79ab0ce01ccb530efcb3474d0c921c0a932ac5

  • SHA512

    52f646c8fe967cacd8f01a8ab850fdec66032e1336d3a470a8663315f30a6e345779e978c913f965e987533c67fb033afb54a5ea6e325a9a4c0de90e2e06cc9f

  • SSDEEP

    6144:dkXEhgQHU9qGbZ3DFLhSdy+EUL7c1Qww639qdN0:dkXEhgQH0qGjsqULo1Qy3AT0

Score
10/10
globeimposterdiscoverypersistenceransomwarespywarestealer

Malware Config

Targets

    • Target

      fcbe45d42b2134331496c74fca78aef9_JaffaCakes118

    • Size

      420KB

    • MD5

      fcbe45d42b2134331496c74fca78aef9

    • SHA1

      d91d93a90cd5110b44533c068031c1cd0a8372a8

    • SHA256

      e1b14fc4d2cc073d99db38053c79ab0ce01ccb530efcb3474d0c921c0a932ac5

    • SHA512

      52f646c8fe967cacd8f01a8ab850fdec66032e1336d3a470a8663315f30a6e345779e978c913f965e987533c67fb033afb54a5ea6e325a9a4c0de90e2e06cc9f

    • SSDEEP

      6144:dkXEhgQHU9qGbZ3DFLhSdy+EUL7c1Qww639qdN0:dkXEhgQH0qGjsqULo1Qy3AT0

    Score
    10/10
    globeimposterdiscoverypersistenceransomwarespywarestealer

    • GlobeImposter

      GlobeImposter is a ransomware first seen in 2017.

      ransomwareglobeimposter

    • Renames multiple (2253) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks