Overview

overview

10

Static

static

8

559b4ec0b9...a0.xls

windows7_x64

10

559b4ec0b9...a0.xls

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0

  • Size

    1.6MB

  • Sample

    201006-696kpg4dpx

  • MD5

    a34a2058c8eec7685d35736f193b187c

  • SHA1

    1009d8aeb10174624cff7dde7307610b4a9c6fb8

  • SHA256

    559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0

  • SHA512

    ea435eacbb26748fdbbb9f07066347afb96b32fcf03f49844a907e67d5e343e926d57ed3907a6171e06ff1413aed43f6bd0eb84b086385c44ba374cdbe587f36

Score
10/10
ostapdownloadermacro

Malware Config

Targets

    • Target

      559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0

    • Size

      1.6MB

    • MD5

      a34a2058c8eec7685d35736f193b187c

    • SHA1

      1009d8aeb10174624cff7dde7307610b4a9c6fb8

    • SHA256

      559b4ec0b99a8e268d3dddd0c6a73f04317cdc9f597255fd1ce90015dfcfaea0

    • SHA512

      ea435eacbb26748fdbbb9f07066347afb96b32fcf03f49844a907e67d5e343e926d57ed3907a6171e06ff1413aed43f6bd0eb84b086385c44ba374cdbe587f36

    Score
    10/10
    ostapdownloader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

      downloaderostap

    • Blocklisted process makes network request

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks