MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ostap


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185
SHA3-384 hash: be86c0fe77b01c2c3ec6715eb32105c68f6c601c3f59316f1245c90664f00a52d06a2507006c252e4b098e67cebda483
SHA1 hash: 1e01068a3cca4b1ec159be4b7777adbeb8e7bc14
MD5 hash: 61dfe6e47ef6060b961f7106a421c3f4
humanhash: montana-kentucky-sad-alpha
File name:61dfe6e47ef6060b961f7106a421c3f4.exe
Download: download sample
Signature Ostap
Create hunting rule
File size:121'344 bytes
First seen:2020-08-14 15:31:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ebb3c09b06b1666d307952e824c8697 (15 x RedLineStealer, 13 x LgoogLoader, 7 x NanoCore)
ssdeep 3072:iGu9BlfzWIbXWm+w0JY5ivkf/prmYlki+y13fM+pqEx:i/0uoaftmYlqy1kQ
Threatray 10 similar samples on MalwareBazaar
TLSH A0C38D1296E5413BE0F523B045F912A31779BCE46F78A3AF834955D94C726C0AA7832F
Reporter abuse_ch
Tags:exe Ostap

Intelligence

File Origin
# of uploads :
1
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.BACKDOOR.Trojan.2860.9358.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Sending a UDP request
Using the Windows Management Instrumentation requests
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/430251
Signature
Opens network shares
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 267524 Sample: 084Bsfjm9i.exe Startdate: 16/08/2020 Architecture: WINDOWS Score: 56 6 084Bsfjm9i.exe 1 5 2->6         started        8 rundll32.exe 2->8         started        process3 10 cmd.exe 3 2 6->10         started        process4 12 wscript.exe 6 10->12         started        16 conhost.exe 10->16         started        dnsIp5 18 176.96.238.128, 443, 49728, 49736 MSKHOSTRU Czech Republic 12->18 20 System process connects to network (likely due to code injection or exploit) 12->20 22 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 12->22 24 Opens network shares 12->24 signatures6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185/
Threat name:
Win32.Trojan.Masson
Create hunting rule
Status:
Malicious
First seen:
2020-08-14 15:33:04 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=brskupgmtnhxjaw32xzssgucx2rwa7assd5nbki3ddlrae4h2gcq._file
Verdict:
unknown
Similar samples:
1a64802e01d94712cb6daf8339296b78cf0a7a81251e80937d01d975b31938dc
Ostap
2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a
Ostap
49fe6c1cce117dc28884b4713f1583af943af16dd936f760c46b1aedfdad75ca
Ostap
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
Ostap
b479533a51ba629bd5f20a7e9faa3bcccfddc72218b23dfd5a4ab15825204944
Ostap
e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d
Ostap
e7a8f968f1c68de29d5cbadaef5ae9b10cc8b8098669feed67a5a570814182ce
Ostap
ea05817e0614fd085e2775d01e7197e93bde58cf57789aeb49ed39f6c295973c
Ostap
fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763
Ostap
ff6353b97df24c70f01f79c12c29d597c8fdf84675fa4ccae6994c5e8e9798cf
Ostap
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200814-8tavz9154a/
Behaviour
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of WriteProcessMemory
Adds Run key to start application
JavaScript code in executable
Adds Run key to start application
JavaScript code in executable
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Refroso
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Ostap

Executable exe 0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/46048/
  
URLhaus
https://urlhaus.abuse.ch/url/433349/
  
Delivery method
Distributed via web download

Comments