General

  • Target

    2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

  • Size

    638KB

  • Sample

    220524-zp7xjabhaj

  • MD5

    5b769ca4f7175d282c3f34135148bd80

  • SHA1

    7c13ba85e98e46b5a17f77ea36ccf54946913633

  • SHA256

    2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

  • SHA512

    e9144c58cc1d10f0537f21d9515dfaa59e8a39e4f6ddc299fcd67f0062d8bfd27ee2fd61c2f6fb44c08ccbd39336a1072048507fc52a6306780e7c56738f333a

Score
10/10

Malware Config

Targets

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, including TrickBot.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

MITRE ATT&CK Enterprise v6

Tasks