General

  • Target

    843021e4a2dcaa8887c2e0945157f947dbfd81372d601be47416294355635496

  • Size

    388KB

  • Sample

    220201-f1dchshcck

  • MD5

    dcf3d45ddee53a91d55c45614124f0f1

  • SHA1

    ac8889a3cbf370edf067029df9eb12e16aab5a81

  • SHA256

    843021e4a2dcaa8887c2e0945157f947dbfd81372d601be47416294355635496

  • SHA512

    15e8e146253488949468c30a999af89b88f086482a2e7ea610ba32084eb1c28930bd8b2a8b05631c425c275873ee81acda1d86b1c33514f05190ba5bd9fd95c2

Malware Config

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that has been active since 2016. It is used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks