General

  • Target

    3d0c3f3d464a8229480b6d4a024d2982c72d67942d8ee245dd91da1a26ddd22a

  • Size

    670KB

  • Sample

    220201-h7lzcaagbl

  • MD5

    dfcdb189eafa87b66861d3d110e17f7a

  • SHA1

    c05d97f19fe2defb98bad06fcfbc2af447f7e921

  • SHA256

    3d0c3f3d464a8229480b6d4a024d2982c72d67942d8ee245dd91da1a26ddd22a

  • SHA512

    fdaa7f8fa5276abff70a7bb0b21136e0d6780d5288cda5cc778719c54a26167db50ee16ded04c7be8ee04368d8f1ad4f1bb3ab6a427e1a6d8dc8c85d3b129a25

Malware Config

Targets

    • Target

      3d0c3f3d464a8229480b6d4a024d2982c72d67942d8ee245dd91da1a26ddd22a

    • Size

      670KB

    • MD5

      dfcdb189eafa87b66861d3d110e17f7a

    • SHA1

      c05d97f19fe2defb98bad06fcfbc2af447f7e921

    • SHA256

      3d0c3f3d464a8229480b6d4a024d2982c72d67942d8ee245dd91da1a26ddd22a

    • SHA512

      fdaa7f8fa5276abff70a7bb0b21136e0d6780d5288cda5cc778719c54a26167db50ee16ded04c7be8ee04368d8f1ad4f1bb3ab6a427e1a6d8dc8c85d3b129a25

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Sets service image path in registry

    • Contains header used in .cmd/.bat files for embedding JavaScript code

MITRE ATT&CK Enterprise v6

Tasks