General

  • Target

    361138996b8beb0a2b93fc76b01de114.xlsm.vir

  • Size

    387KB

  • Sample

    211222-szbhragdbj

  • MD5

    361138996b8beb0a2b93fc76b01de114

  • SHA1

    93cde623489e7174d5d116c5fb0b35de691c78d8

  • SHA256

    5c0a79af89a9383292db76652a6cfee60bc0509dc30250528f3c40002fc0f691

  • SHA512

    3de36e66b73f20d601b0c074de22e6f3edaca6502c956f7cac412d2a6642bf9112195008c0ab551cf34c428a4604f134a9fd4ffdd52c609b786fe3a63cad5bd7

Score
10/10

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
