Overview

overview

10

Static

static

8

2ab98ac09e...b.docm

windows7_x64

10

2ab98ac09e...b.docm

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

  • Size

    638KB

  • Sample

    220524-zp7xjabhaj

  • MD5

    5b769ca4f7175d282c3f34135148bd80

  • SHA1

    7c13ba85e98e46b5a17f77ea36ccf54946913633

  • SHA256

    2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

  • SHA512

    e9144c58cc1d10f0537f21d9515dfaa59e8a39e4f6ddc299fcd67f0062d8bfd27ee2fd61c2f6fb44c08ccbd39336a1072048507fc52a6306780e7c56738f333a

Score
10/10
ostapdownloadermacro

Malware Config

Targets

    • Target

      2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

    • Size

      638KB

    • MD5

      5b769ca4f7175d282c3f34135148bd80

    • SHA1

      7c13ba85e98e46b5a17f77ea36ccf54946913633

    • SHA256

      2ab98ac09ef0db9eaef3b2ecc09a6ef42d6977cba89ac08781f0751572d5b16b

    • SHA512

      e9144c58cc1d10f0537f21d9515dfaa59e8a39e4f6ddc299fcd67f0062d8bfd27ee2fd61c2f6fb44c08ccbd39336a1072048507fc52a6306780e7c56738f333a

    Score
    10/10
    ostapdownloader

    • Ostap JavaScript Downloader

      Ostap is a JavaScript downloader that's been active since 2016. It's used to deliver several families, inluding TrickBot

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

      downloaderostap

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks