ostap | 4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214 | Triage

Submit
Reports

Overview

overview

Static

static

8

4616c3a50e...4.docm

windows7_x64

4616c3a50e...4.docm

windows10-2004_x64

Sharing

General

Target

4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214
Size

387KB
Sample

220201-mjemksddh2
MD5

565717192a35dacce33823a8a7f5f897
SHA1

542a54656018b6417320a84deb8e92ffec8d58c6
SHA256

4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214
SHA512

e16272d638f4cf43aad99072311adacc812c794c82f7b2adaa8a511959eb51d9b9ce534d0927c90d88e17b599732ac8c217e09673889d14eb34b888494d07177

Score

10^/10

ostap downloader macro persistence

Static task

static1

Behavioral task

behavioral1

Sample

4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214.docm

Resource

win7-en-20211208

ostap downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214.docm

Resource

win10v2004-en-20220112

ostap downloader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214
- Size
  
  387KB
- MD5
  
  565717192a35dacce33823a8a7f5f897
- SHA1
  
  542a54656018b6417320a84deb8e92ffec8d58c6
- SHA256
  
  4616c3a50e0393ababc925b496f04f3687664e9d1c4b7966485a7a9124047214
- SHA512
  
  e16272d638f4cf43aad99072311adacc812c794c82f7b2adaa8a511959eb51d9b9ce534d0927c90d88e17b599732ac8c217e09673889d14eb34b888494d07177
Score

10^/10

ostap downloader persistence
- Ostap JavaScript Downloader
  Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ostap
  Ostap is a JS downloader, used to deliver other families.
  downloader ostap
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ostapdownloader

behavioral2

ostapdownloaderpersistence

© 2018-2024

Terms | Privacy