General
-
Target
361138996b8beb0a2b93fc76b01de114.xlsm.vir
-
Size
387KB
-
Sample
211222-szbhragdbj
-
MD5
361138996b8beb0a2b93fc76b01de114
-
SHA1
93cde623489e7174d5d116c5fb0b35de691c78d8
-
SHA256
5c0a79af89a9383292db76652a6cfee60bc0509dc30250528f3c40002fc0f691
-
SHA512
3de36e66b73f20d601b0c074de22e6f3edaca6502c956f7cac412d2a6642bf9112195008c0ab551cf34c428a4604f134a9fd4ffdd52c609b786fe3a63cad5bd7
Static task
static1
Behavioral task
behavioral1
Sample
361138996b8beb0a2b93fc76b01de114.xlsm.vir.xlsm
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
361138996b8beb0a2b93fc76b01de114.xlsm.vir.xlsm
Resource
win10-en-20211208
Malware Config
Targets
Target
361138996b8beb0a2b93fc76b01de114.xlsm.vir
Score
10/10
-
Ostap JavaScript Downloader
Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
-