ostap | 72bf41aca0aa970314f2b66871261e5bd7ac921c7c1ab888dac714d0c7fadbe9 | Triage

Sharing

General

Target

72bf41aca0aa970314f2b66871261e5bd7ac921c7c1ab888dac714d0c7fadbe9
Size

480KB
Sample

220328-wwjxhahddm
MD5

b732597a08ef31189fb7f7a724838011
SHA1

f7eba74fafe1bf5f4ff9968f8d2ab3fc1627fe44
SHA256

72bf41aca0aa970314f2b66871261e5bd7ac921c7c1ab888dac714d0c7fadbe9
SHA512

07bf492a15c45d03ee84a92b0651987f368165f0c51c6501eeff0fc4305462624c23f635fd2ec4102322bfab47d07f2178699c5e1621e46187df108f331a97a4

Score

10^/10

ostap downloader persistence

Malware Config

Targets

- Target
  
  72bf41aca0aa970314f2b66871261e5bd7ac921c7c1ab888dac714d0c7fadbe9
- Size
  
  480KB
- MD5
  
  b732597a08ef31189fb7f7a724838011
- SHA1
  
  f7eba74fafe1bf5f4ff9968f8d2ab3fc1627fe44
- SHA256
  
  72bf41aca0aa970314f2b66871261e5bd7ac921c7c1ab888dac714d0c7fadbe9
- SHA512
  
  07bf492a15c45d03ee84a92b0651987f368165f0c51c6501eeff0fc4305462624c23f635fd2ec4102322bfab47d07f2178699c5e1621e46187df108f331a97a4
Score

10^/10

persistence ostap downloader
- ostap
  Ostap is a JS downloader, used to deliver other families.
  downloader ostap
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ostapdownloaderpersistence