9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7

General

Target: 9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
Size: 1MB
Sample: 201006-atyeqxyfmn
Score: 10/10
MD5: 213f9328ca43d51c50b74cdaaeca1ae5
SHA1: f7e7b5d5442328f615a707c78995e37fb0643af5
SHA256: 9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
SHA512: 79977dd6d090ce44a0b59f0f17e5ea29e2e9f0c3cb17d9feb3d88bc29dfab752312b59bd8699b930d973d0d740984c5266fe9fdfd53a2fed9cd716772ec10264

Malware Config

Targets

Target: 9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7 (same file as listed under General)
Signatures

  • Process spawned unexpected child process

    Description

    A parent process launched a child it would not normally create. This typically indicates the parent was compromised via an exploit or a malicious document macro.

  • ostap

    Description

    Ostap is a JavaScript downloader, run through the Windows Script Host, used to deliver other malware families.

  • Blocklisted process makes network request

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour (drives are enumerated before their contents are encrypted), although a downloader may also do this for fingerprinting.

    TTPs

    System Information Discovery (T1082)
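
The two process-level signatures above (an unexpected child process, and a blocklisted process making a network request) can be expressed as a simple detection rule over endpoint telemetry. The following is an added example written for this page; it is not part of the sandbox report and not code from the Ostap family. The event log, the pipe-delimited format, the process-name lists and the parent/child policy are all constructed for illustration and are assumptions, not values extracted from this sample.

```python
"""Added example (not part of the sandbox report): detect an Office-style
document reader spawning a script host, a blocklisted process making an
outbound connection, and the correlation of both into a downloader chain."""
import ntpath

# Assumed policy (illustrative): document and mail readers have no business
# launching script hosts or shells.
DOCUMENT_READERS = {"winword.exe", "excel.exe", "powerpnt.exe",
                    "outlook.exe", "acrord32.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Assumed blocklist for outbound connections: script hosts should not talk out.
NETWORK_BLOCKLIST = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe"}

# Constructed telemetry: "proc" = process creation, "net" = outbound connection.
CONSTRUCTED_LOG = r"""
proc|pid=1204|image=C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|parent=explorer.exe
proc|pid=2310|image=C:\Windows\System32\wscript.exe|parent=WINWORD.EXE
net|pid=2310|image=C:\Windows\System32\wscript.exe|dest=203.0.113.10:80
proc|pid=2500|image=C:\Windows\System32\notepad.exe|parent=explorer.exe
net|pid=3001|image=C:\Program Files\Mozilla Firefox\firefox.exe|dest=198.51.100.5:443
"""


def parse_events(log):
    """Yield dicts with kind, pid, image, parent, dest from the constructed format."""
    for line in log.splitlines():
        if not line.strip():
            continue
        kind, *fields = line.split("|")
        kv = dict(f.split("=", 1) for f in fields)
        yield {"kind": kind, "pid": int(kv["pid"]), "image": kv["image"],
               "parent": kv.get("parent", ""), "dest": kv.get("dest", "")}


def basename(image):
    # ntpath splits on backslashes regardless of the analysis host's OS.
    return ntpath.basename(image).lower()


def detect(events):
    """Return a list of (rule, pid, detail) hits, in event order.

    Rules mirror the report's signatures: an unexpected child process, a
    blocklisted process making a network request, and the correlation of the
    two (a flagged child that then reaches out), which is the downloader pattern.
    """
    hits = []
    suspicious_children = set()
    for ev in events:
        img = basename(ev["image"])
        if ev["kind"] == "proc":
            parent = basename(ev["parent"])
            if parent in DOCUMENT_READERS and img in SCRIPT_HOSTS:
                suspicious_children.add(ev["pid"])
                hits.append(("unexpected_child", ev["pid"], f"{parent} -> {img}"))
        elif ev["kind"] == "net":
            if img in NETWORK_BLOCKLIST:
                hits.append(("blocklisted_network", ev["pid"], f"{img} -> {ev['dest']}"))
            if ev["pid"] in suspicious_children:
                hits.append(("downloader_chain", ev["pid"], f"{img} -> {ev['dest']}"))
    return hits


if __name__ == "__main__":
    for rule, pid, detail in detect(parse_events(CONSTRUCTED_LOG)):
        print(f"{rule:<20} pid={pid} {detail}")
```

The correlation step is the one worth keeping in a real rule: a single unexpected child or a single script-host connection each produce noise in many environments, but a script host launched by a document reader that then connects out is the exact chain a JS downloader such as Ostap produces, and is rare in benign use.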

MITRE ATT&CK Matrix

Tactic columns (extracted without their cells): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The only technique this report maps is System Information Discovery, listed under Signatures.

Tasks

  static1       8/10
  behavioral1   10/10
  behavioral2   10/10