General

  • Target

    af988030zdi1714.cmd

  • Size

    118KB

  • Sample

    230104-r1xxpsge25

  • MD5

    65e8735827a1f46aa4c5c9eb5439fd52

  • SHA1

    bf19bc3c9d142b0ea09dd3b57115808156c0200b

  • SHA256

    ce0d54c9c867b136594887dc4963816b2cb3e682da8f3d792e0f3e5d2b646964

  • SHA512

    417b71c00f359f9e340129b85254590e5cbf4f2c1fd3c8a6146225fd1abdfc0dd14870ee012b9861f129f69ed19617e436debfcaebfee436b5c682235ba41384

  • SSDEEP

    3072:oGu9BlfzWIbXWm+w0J95i+yQ5ao7/tPlvXLrKzvABED:o/0uoEQ5a8PLr2b

Malware Config

Targets

    • Ostap JavaScript downloader

      Ostap is a JavaScript downloader that has been active since 2016. It is used to deliver several malware families, including TrickBot.

    • ostap

      Ostap is a JS downloader, used to deliver other families.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks