General

  • Target

    315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d

  • Size

    487KB

  • Sample

    220520-fp414adggk

  • MD5

    05cb50f35c90a9373786deaf55bf72c8

  • SHA1

    e5604680b11e788d04b906d3e2560fa44e498b2c

  • SHA256

    315644e7ccc27084de88d6108f59edde58a8775584bdf2e5fbb22841cc353e5d

  • SHA512

    864e6955ff303560e120d0fde43898809e2542e1c19aa2cbd12168c6804bb660f67270ee33919f651b4b8bc2526e785d193d5ffbdc0f90b8fa0e6ee1beb9d64c

Score
10/10

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
