ostap | 3ceffdab08d5a316c737a1e34ec25c4e65934cd935483defdb2b70bc4d64dd64 | Triage

Submit
Reports

Overview

overview

Static

static

Perfil_WIN10

windows10_x64

5

Resubmissions

25-01-2021 17:15

210125-zcqahbtql6 10

Sharing

General

Target

$RYG17M9.zip
Size

65KB
Sample

210125-zcqahbtql6
MD5

f03ec7a979ce2cad45e481d25caa42bb
SHA1

f3e8420f68e8b103b2fa25388e9ee43cf79c9494
SHA256

3ceffdab08d5a316c737a1e34ec25c4e65934cd935483defdb2b70bc4d64dd64
SHA512

3d2a50fea3de7e37baae2bd550c1cdcb7af5f2fd849e8c5fb09828cafeb0f1692406d1703299ea7cc2677c3bfc830f998ea445ad9aae3c6675efd9a5da68062c

Score

10^/10

ostap macro ransomware xlm

Static task

static1

macro xlm ostap

Behavioral task

behavioral1

Sample

$RYG17M9.doc

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  $RYG17M9.doc
- Size
  
  399KB
- MD5
  
  908cb0ed7bdd34f4712318c8f2c75020
- SHA1
  
  acadaf2905c51eeff68ae9f4e9e15b1d29848de4
- SHA256
  
  6f1eadba6e73d7451a46ae74d2dc9e7d31c9d119e739c44c35e7fbef7e121c69
- SHA512
  
  dc297307efd3675fe6e4ecf930291b7d844ed700465d4072b62cb8e3b821989a7c2ecb9497a1c422beea4b7f132f74c61853fa62c7311e14b5b1e980b30ee7ba
Score

5^/10

ransomware
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy