General

  • Target

    e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a

  • Size

    329KB

  • Sample

    220201-dyy54afhhl

  • MD5

    8ade3b8c742363c77c3ed28e604f1fe8

  • SHA1

    c2bec21e2069d78792b15ac6e14f1ad1c7488870

  • SHA256

    e21010888e225acdde63d87ce30b68ab61c12ee91400820d3c151e0f0daacd1a

  • SHA512

    9312a754f725338c35faa890bf95410b9108e3b79ca5af9939a20158132c81480e5224b9a672bf82996a9b25810233977035c89a934430330dd53ca5ab955612

Malware Config

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks