readme.js

General
Target

readme.js

Size

843KB

Sample

210201-gn2z1a6yhe

Score
10 /10
MD5

871b84c3e9c24b706b51eb717ee50627

SHA1

696ff0a47d733e11a1468ee898ff31c9c27a9937

SHA256

c16916fbad3101fbbb241ec7a8ebbb5e46288a6dfeed80c70e47127d1ae9b965

SHA512

7e15b8e85b084cdc30990f696e5d9be6c67c457a89a47043e379209fb6a31446a1e6a75e3195b77037f0f703f33f6dcfca7c6ce10f68f617527673ec2956cee1

Malware Config
Targets
Target

readme.js

MD5

871b84c3e9c24b706b51eb717ee50627

Filesize

843KB

Score
10 /10
SHA1

696ff0a47d733e11a1468ee898ff31c9c27a9937

SHA256

c16916fbad3101fbbb241ec7a8ebbb5e46288a6dfeed80c70e47127d1ae9b965

SHA512

7e15b8e85b084cdc30990f696e5d9be6c67c457a89a47043e379209fb6a31446a1e6a75e3195b77037f0f703f33f6dcfca7c6ce10f68f617527673ec2956cee1

Tags

Signatures

  • ostap

    Description

    Ostap is a JS downloader, used to deliver other families.

    Tags

  • Blocklisted process makes network request

  • Enumerates physical storage devices

    Description

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    TTPs

    System Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        6/10

                        behavioral1

                        10/10

                        behavioral2

                        10/10