Overview

overview

10

Static

static

8

361138996b...r.xlsm

windows7_x64

10

361138996b...r.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    361138996b8beb0a2b93fc76b01de114.xlsm.vir

  • Size

    387KB

  • Sample

    211222-szbhragdbj

  • MD5

    361138996b8beb0a2b93fc76b01de114

  • SHA1

    93cde623489e7174d5d116c5fb0b35de691c78d8

  • SHA256

    5c0a79af89a9383292db76652a6cfee60bc0509dc30250528f3c40002fc0f691

  • SHA512

    3de36e66b73f20d601b0c074de22e6f3edaca6502c956f7cac412d2a6642bf9112195008c0ab551cf34c428a4604f134a9fd4ffdd52c609b786fe3a63cad5bd7

Score
10/10
ostapdownloadermacro

Malware Config

Targets

    • Target

      361138996b8beb0a2b93fc76b01de114.xlsm.vir

    • Size

      387KB

    • MD5

      361138996b8beb0a2b93fc76b01de114

    • SHA1

      93cde623489e7174d5d116c5fb0b35de691c78d8

    • SHA256

      5c0a79af89a9383292db76652a6cfee60bc0509dc30250528f3c40002fc0f691

    • SHA512

      3de36e66b73f20d601b0c074de22e6f3edaca6502c956f7cac412d2a6642bf9112195008c0ab551cf34c428a4604f134a9fd4ffdd52c609b786fe3a63cad5bd7

    Score
    10/10
    ostapdownloader

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

      downloaderostap

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks