ostap | c16916fbad3101fbbb241ec7a8ebbb5e46288a6dfeed80c70e47127d1ae9b965 | Triage

Sharing

General

Target

readme.js
Size

843KB
Sample

210201-gn2z1a6yhe
MD5

871b84c3e9c24b706b51eb717ee50627
SHA1

696ff0a47d733e11a1468ee898ff31c9c27a9937
SHA256

c16916fbad3101fbbb241ec7a8ebbb5e46288a6dfeed80c70e47127d1ae9b965
SHA512

7e15b8e85b084cdc30990f696e5d9be6c67c457a89a47043e379209fb6a31446a1e6a75e3195b77037f0f703f33f6dcfca7c6ce10f68f617527673ec2956cee1

Score

10^/10

ostap downloader

Malware Config

Targets

- Target
  
  readme.js
- Size
  
  843KB
- MD5
  
  871b84c3e9c24b706b51eb717ee50627
- SHA1
  
  696ff0a47d733e11a1468ee898ff31c9c27a9937
- SHA256
  
  c16916fbad3101fbbb241ec7a8ebbb5e46288a6dfeed80c70e47127d1ae9b965
- SHA512
  
  7e15b8e85b084cdc30990f696e5d9be6c67c457a89a47043e379209fb6a31446a1e6a75e3195b77037f0f703f33f6dcfca7c6ce10f68f617527673ec2956cee1
Score

10^/10

ostap downloader
- ostap
  Ostap is a JS downloader, used to deliver other families.
  downloader ostap
- Blocklisted process makes network request
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ostapdownloader

behavioral2

ostapdownloader