General
-
Target
9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
-
Size
1.6MB
-
Sample
201006-atyeqxyfmn
-
MD5
213f9328ca43d51c50b74cdaaeca1ae5
-
SHA1
f7e7b5d5442328f615a707c78995e37fb0643af5
-
SHA256
9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
-
SHA512
79977dd6d090ce44a0b59f0f17e5ea29e2e9f0c3cb17d9feb3d88bc29dfab752312b59bd8699b930d973d0d740984c5266fe9fdfd53a2fed9cd716772ec10264
Malware Config
Targets
-
-
Target
9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
-
Size
1.6MB
-
MD5
213f9328ca43d51c50b74cdaaeca1ae5
-
SHA1
f7e7b5d5442328f615a707c78995e37fb0643af5
-
SHA256
9d0a21ce53c6004f0caa583e2bcfbad4200eb7b3c9f5b2b68c8858592c7ec9d7
-
SHA512
79977dd6d090ce44a0b59f0f17e5ea29e2e9f0c3cb17d9feb3d88bc29dfab752312b59bd8699b930d973d0d740984c5266fe9fdfd53a2fed9cd716772ec10264
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ostap
Ostap is a JS downloader, used to deliver other families.
-
Blocklisted process makes network request
-
Enumerates physical storage devices
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-