General
Target: del_info-W8629822.xlsm
Size: 238KB
Sample: 200804-cg5w9he1ts
MD5: ee54cfcfb1a4f10f27b597a37fbb33de
SHA1: 06b40ca6f7013057c4bc243c8636345e9aac786e
SHA256: b7570f67d3d5a587e48f30fe62f2f2f04f60b65a21216a86ec062babc5a05fa6
SHA512: 4d9dd8cdddf14d8dd2a91d0bbf09945d6bfac9c5e25e67ae01c02b4309351bc079b85e319beed10b19dad11151f926bd3331c2fecd28466bc543eaf35e8877d4
Static task: static1
Behavioral task: behavioral1
Sample: del_info-W8629822.xlsm
Resource: win7
Behavioral task: behavioral2
Sample: del_info-W8629822.xlsm
Resource: win10v200722
Malware Config
Targets
Target: del_info-W8629822.xlsm
Score: 10/10

Ostap JavaScript Downloader
Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blacklisted process makes network request

JavaScript code in executable