General
Target
559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0
Size
1.6MB
Sample
201006-696kpg4dpx
MD5
a34a2058c8eec7685d35736f193b187c
SHA1
1009d8aeb10174624cff7dde7307610b4a9c6fb8
SHA256
559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0
SHA512
ea435eacbb26748fdbbb9f07066347afb96b32fcf03f49844a907e67d5e343e926d57ed3907a6171e06ff1413aed43f6bd0eb84b086385c44ba374cdbe587f36
Static task
static1
Behavioral task
behavioral1
Sample
559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0.xls
Resource
win7v200722
Behavioral task
behavioral2
Sample
559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0.xls
Resource
win10
Malware Config
Targets
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.