MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ostap


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a
SHA3-384 hash: ba327a7dd20ae36b986104b0f736a86eba2505fed6b7df7637c8aacc0101106fba66b0c2140dd67f345c18ae9d88363c
SHA1 hash: 590a00ffdc9500b67994c92e1f7acef1cc50e8b6
MD5 hash: 50d2520e046de10757e1d9dd44de1007
humanhash: cola-india-uniform-connecticut
File name:50d2520e046de10757e1d9dd44de1007.exe
Download: download sample
Signature Ostap
Create hunting rule
File size:122'880 bytes
First seen:2020-08-13 12:28:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0ebb3c09b06b1666d307952e824c8697 (15 x RedLineStealer, 13 x LgoogLoader, 7 x NanoCore)
ssdeep 3072:bGu9BlfzWIbXWm+w0JK5iNqzFFvrPZPO/VMsNkcEs:b/0uo5CP9BsH
Threatray 10 similar samples on MalwareBazaar
TLSH 46C39E1296E4913BE0F527B09AFD16A71778BCE06F7493AF828954D85C727C0693832B
Reporter abuse_ch
Tags:exe Ostap


Avatar
abuse_ch
Ostap C2:
91.193.181.158:443

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45176/
Detection(s):
SecuriteInfo.com.BACKDOOR.Trojan.2860.9358.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Running batch commands
Creating a process with a hidden window
Creating a process from a recently created file
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/426209
Signature
Opens network shares
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 265762 Sample: OAPAU84dG4.exe Startdate: 14/08/2020 Architecture: WINDOWS Score: 56 6 OAPAU84dG4.exe 1 5 2->6         started        8 rundll32.exe 2->8         started        process3 10 cmd.exe 3 2 6->10         started        process4 12 wscript.exe 6 10->12         started        16 conhost.exe 10->16         started        dnsIp5 18 91.193.181.158, 443 RECONNRU Russian Federation 12->18 20 System process connects to network (likely due to code injection or exploit) 12->20 22 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 12->22 24 Opens network shares 12->24 signatures6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a/
Threat name:
Win32.Trojan.Patched
Create hunting rule
Status:
Malicious
First seen:
2020-08-13 12:30:08 UTC
File Type:
PE (Exe)
Extracted files:
16
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ewjmhh734nu3fjwrz4u6sc6a2bczvsebvzp4eqs64ynkat7s5f5a._file
Verdict:
unknown
Similar samples:
0c64aa3ccc9b4f7482dbd5f3291a82bea3607c1290fad0a91b18d7101387d185
Ostap
1a64802e01d94712cb6daf8339296b78cf0a7a81251e80937d01d975b31938dc
Ostap
49fe6c1cce117dc28884b4713f1583af943af16dd936f760c46b1aedfdad75ca
Ostap
b2f041348835c102db3769245ee4c28dd00cb19c3c6710fc9c11228f3bbce61b
Ostap
b479533a51ba629bd5f20a7e9faa3bcccfddc72218b23dfd5a4ab15825204944
Ostap
e6fd67f6f97b12e9c521c165db7d021c9c86ac1f45582692a8972090f20a9a6d
Ostap
e7a8f968f1c68de29d5cbadaef5ae9b10cc8b8098669feed67a5a570814182ce
Ostap
ea05817e0614fd085e2775d01e7197e93bde58cf57789aeb49ed39f6c295973c
Ostap
fc0ffda44e2748b424639a1592356cc209abf6045a8d6a069f5f562ea1f31763
Ostap
ff6353b97df24c70f01f79c12c29d597c8fdf84675fa4ccae6994c5e8e9798cf
Ostap
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200813-pevhdwmgns/
Behaviour
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of WriteProcessMemory
Adds Run key to start application
JavaScript code in executable
Adds Run key to start application
JavaScript code in executable
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Ostap

Executable exe 2592c39ffbe369b2a6d1cf29e90bc0d0459ac881ae5fc2425ee61aa04ff2e97a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/431721/
Cape
Cape
https://www.capesandbox.com/analysis/45176/
  
Delivery method
Distributed via web download

Comments