559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0

General

Target: 559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0
Size: 1MB
Sample: 201006-696kpg4dpx
Score: 10/10
MD5: a34a2058c8eec7685d35736f193b187c
SHA1: 1009d8aeb10174624cff7dde7307610b4a9c6fb8
SHA256: 559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0
SHA512: ea435eacbb26748fdbbb9f07066347afb96b32fcf03f49844a907e67d5e343e926d57ed3907a6171e06ff1413aed43f6bd0eb84b086385c44ba374cdbe587f36

Signatures

  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.

  • ostap
    Description: Ostap is a JS downloader, used to deliver other families.

  • Blocklisted process makes network request

  • Enumerates physical storage devices
    Description: Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
    TTPs: System Information Discovery (ATT&CK T1082)
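The "Process spawned unexpected child process" signature above is a parent/child relationship check: a document handler or script host starting a shell or LOLBin is the footprint of a macro or exploit handing off to a downloader stage such as a JS loader. The following is an added example of that check over constructed process-creation events; it is not the sandbox's own detection logic, and the parent/child policy, the sample events, and the helper names (ProcEvent, classify, find_unexpected_children, ancestry) are assumptions chosen for illustration.

```python
"""Parent/child process anomaly check (example code, not the sandbox's own).

The policy sets and the SAMPLE_EVENTS below are constructed assumptions;
tune them to the process baseline of the environment you monitor.
"""
from dataclasses import dataclass
import ntpath


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event (shape assumed; map your EDR/Sysmon fields onto it)."""
    pid: int
    ppid: int
    image: str          # full path of the new process
    parent_image: str   # full path of the process that created it
    cmdline: str


# Assumed policy: parents that render attacker-controlled content and should
# not normally spawn interpreters or LOLBins.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe",
                    "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Children whose appearance under those parents is worth an alert.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
                       "certutil.exe", "bitsadmin.exe", "schtasks.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, so matching ignores install dir and case."""
    return ntpath.basename(path).lower()


def classify(ev: ProcEvent):
    """Return a reason string if the parent/child pair is unexpected, else None."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent in DOCUMENT_PARENTS and child in SUSPICIOUS_CHILDREN:
        return "document_spawned_child"      # macro/exploit in a document handler
    if parent in SCRIPT_HOSTS and child in SUSPICIOUS_CHILDREN:
        return "script_host_spawned_child"   # JS/VBS loader handing off to a shell
    return None


def find_unexpected_children(events):
    """All events that violate the policy, as (event, reason) pairs in log order."""
    hits = []
    for ev in events:
        reason = classify(ev)
        if reason:
            hits.append((ev, reason))
    return hits


def ancestry(events, pid: int):
    """Process chain from the oldest known ancestor down to `pid`, as image basenames.

    Useful at triage time to show how a flagged child got there; the walk stops
    when a parent pid is not present in the event set.
    """
    by_pid = {ev.pid: ev for ev in events}
    chain = []
    while pid in by_pid:
        ev = by_pid[pid]
        chain.append(basename(ev.image))
        pid = ev.ppid
    return list(reversed(chain))


# Constructed sample events (not taken from the report): a user opens a document,
# a macro launches wscript.exe on a dropped .js, which in turn starts PowerShell.
WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    ProcEvent(1000, 500, r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\userinit.exe", "explorer.exe"),
    ProcEvent(2000, 1000, WINWORD, r"C:\Windows\explorer.exe",
              '"WINWORD.EXE" /n invoice.doc'),
    ProcEvent(2100, 2000, r"C:\Windows\splwow64.exe", WINWORD,      # benign print helper
              "splwow64.exe 12288"),
    ProcEvent(3000, 2000, r"C:\Windows\System32\wscript.exe", WINWORD,
              r"wscript.exe //E:jscript C:\Users\Public\update.js"),
    ProcEvent(4000, 3000, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\System32\wscript.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgA"),
]


if __name__ == "__main__":
    for ev, reason in find_unexpected_children(SAMPLE_EVENTS):
        print(f"{reason}: {' -> '.join(ancestry(SAMPLE_EVENTS, ev.pid))}  [{ev.cmdline}]")
```

Run against the constructed events, the check flags wscript.exe under WINWORD.EXE and powershell.exe under wscript.exe but not the print helper, and ancestry() prints the full explorer.exe -> winword.exe -> wscript.exe -> powershell.exe chain that an analyst would want alongside the alert. The policy is deliberately a plain allow/deny on basenames; in production you would add the command line (script host arguments, encoded PowerShell) and a per-host baseline to cut false positives from legitimate Office add-ins.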

Tasks

static1: 8/10
behavioral1: 10/10
behavioral2: 10/10