General
-
Target
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a
-
Size
329KB
-
Sample
220201-dyy54afhhl
-
MD5
8ade3b8c742363c77c3ed28e604f1fe8
-
SHA1
c2bec21e2069d78792b15ac6e14f1ad1c7488870
-
SHA256
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a
-
SHA512
9312a754f725338c35faa890bf95410b9108e3b79ca5af9939a20158132c81480e5224b9a672bf82996a9b25810233977035c89a934430330dd53ca5ab955612
Static task
static1
Behavioral task
behavioral1
Sample
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a.xlsm
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a.xlsm
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a
-
Size
329KB
-
MD5
8ade3b8c742363c77c3ed28e604f1fe8
-
SHA1
c2bec21e2069d78792b15ac6e14f1ad1c7488870
-
SHA256
e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a
-
SHA512
9312a754f725338c35faa890bf95410b9108e3b79ca5af9939a20158132c81480e5224b9a672bf82996a9b25810233977035c89a934430330dd53ca5ab955612
Score10/10-
Ostap JavaScript Downloader
Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Sets service image path in registry
-