General

  • Target

    4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214

  • Size

    387KB

  • Sample

    220201-mjemksddh2

  • MD5

    565717192a35dacce33823a8a7f5f897

  • SHA1

    542a54656018b6417320a84deb8e92ffec8d58c6

  • SHA256

    4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214

  • SHA512

    e16272d638f4cf43aad99072311adacc812c794c82f7b2adaa8a511959eb51d9b9ce534d0927c90d88e17b599732ac8c217e09673889d14eb34b888494d07177

Malware Config

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks