ostap | 315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d | Triage

Submit
Reports

Overview

overview

Static

static

8

315644e7cc...d.docm

windows7_x64

315644e7cc...d.docm

windows10-2004_x64

Sharing

General

Target

315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d
Size

487KB
Sample

220520-fp414adggk
MD5

05cb50f35c90a9373786deaf55bf72c8
SHA1

e5604680b11e788d04b906d3e2560fa44e498b2c
SHA256

315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d
SHA512

864e6955ff303560e120d0fde43898809e2542e1c19aa2cbd12168c6804bb660f67270ee33919f651b4b8bc2526e785d193d5ffbdc0f90b8fa0e6ee1beb9d64c

Score

10^/10

ostap downloader macro

Static task

static1

Behavioral task

behavioral1

Sample

315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d.docm

Resource

win7-20220414-en

ostap downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d.docm

Resource

win10v2004-20220414-en

ostap downloader

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d
- Size
  
  487KB
- MD5
  
  05cb50f35c90a9373786deaf55bf72c8
- SHA1
  
  e5604680b11e788d04b906d3e2560fa44e498b2c
- SHA256
  
  315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d
- SHA512
  
  864e6955ff303560e120d0fde43898809e2542e1c19aa2cbd12168c6804bb660f67270ee33919f651b4b8bc2526e785d193d5ffbdc0f90b8fa0e6ee1beb9d64c
Score

10^/10

ostap downloader
- Ostap JavaScript Downloader
  Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- ostap
  Ostap is a JS downloader, used to deliver other families.
  downloader ostap
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ostapdownloader

behavioral2

ostapdownloader

© 2018-2024

Terms | Privacy