Videos

Check out our video libray AppCheck defending aginst newest ransomware

GlobeImposter Ransomware (..txt / Read_ME.html)

  • Distribution Method : Mail attachment (.js)
 
  • MD5 : 97f27561bb754a980092ee052da3802d
 
  • Major Detection Name : Ransom/W32.Globeimposter.272384 (nProtect), Ransom_FAKEGLOBE.ENJ (Trend Micro)
 
  • Encrypted File Pattern : ..txt
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Local\Temp\pIURAAm2.exe
         - C:\Users\Public\pIURAAm2.exe
 
  • Payment Instruction File : Read_ME.html
 
  • Major Characteristics :
         - Offline Encryption
         - Fake Globe / PSCrypt Ransomware series
         - Disable system restore (vssadmin.exe Delete Shadows /All /Quiet)

Go to List

Please upgrade your web browser for better website experience.

위로