Globeimposter Ransomware Delivered via Necurs Botnet | Network
Connection Overview
Remarks
Critical: The sample contacted only unknown URLs.

Remote Hosts (1)
Host Country City Protocols Reputation Status
rorymartin8.info (192.185.193.214) United States Houston HTTP, TCP Unknown
URL (1)
URL Connection Successful Reputation Status
http://rorymartin8.info/hudgy356? True Unknown
Connections
HTTP Sessions (1)
Information Value
Total Data Sent 0.32 KB (332 bytes)
Total Data Received 155.80 KB (159535 bytes)
Contacted Host Count 1
Contacted Hosts rorymartin8.info
HTTP Session #1
Information Value
Used COM interface Microsoft.XMLHTTP
User Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)
Server Name rorymartin8.info
Server Port 80
Data Sent 0.32 KB (332 bytes)
Data Received 155.80 KB (159535 bytes)
Operations
Operation Additional Information Success Count
Open Session user_agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Win64; x64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729), access_type = WINHTTP_ACCESS_TYPE_NO_PROXY, proxy_name = WINHTTP_NO_PROXY_NAME, proxy_bypass = WINHTTP_NO_PROXY_BYPASS True 1
Open Connection protocol = http, server_name = rorymartin8.info, server_port = 80 True 1
Open HTTP Request http_verb = GeT, http_version = HTTP 1.1, target_resource = /hudgy356 True 1
Send HTTP Request url = http://rorymartin8.info/hudgy356? True 1
Receive HTTP Status status = 200 True 1
Read Response size_out = 159535 True 1