General
-
Target
2024-10-28_181f176a3977c2bddf27bb334e33b789_globeimposter
-
Size
53KB
-
Sample
241028-qrybfaxrer
-
MD5
181f176a3977c2bddf27bb334e33b789
-
SHA1
733080a58442d2c9fc8477058808e2a5856351fd
-
SHA256
2f2932e0116bbff9d831b178a67208584fb42522075464fcdb4afd417e323909
-
SHA512
5b09fc0233551a7173828f929b8a740a7769e1794912466f235b7e824d94c2ccf2d11de689075bfd58760897f01fbbbb7ab38b0941f9bcaf084633ccb07bf294
-
SSDEEP
768:VTHOvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5vIb:qeytM3alnawrRIwxVSHMweio3ZIb
Static task
static1
Behavioral task
behavioral1
Sample
2024-10-28_181f176a3977c2bddf27bb334e33b789_globeimposter.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-10-28_181f176a3977c2bddf27bb334e33b789_globeimposter.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\Users\Public\Music\Sample Music\how_to_back_files.html
Extracted
C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\how_to_back_files.html
Targets
-
-
Target
2024-10-28_181f176a3977c2bddf27bb334e33b789_globeimposter
-
Size
53KB
-
MD5
181f176a3977c2bddf27bb334e33b789
-
SHA1
733080a58442d2c9fc8477058808e2a5856351fd
-
SHA256
2f2932e0116bbff9d831b178a67208584fb42522075464fcdb4afd417e323909
-
SHA512
5b09fc0233551a7173828f929b8a740a7769e1794912466f235b7e824d94c2ccf2d11de689075bfd58760897f01fbbbb7ab38b0941f9bcaf084633ccb07bf294
-
SSDEEP
768:VTHOvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5vIb:qeytM3alnawrRIwxVSHMweio3ZIb
-
Globeimposter family
-
Renames multiple (7337) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Adds Run key to start application
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1