osiris | bf9eb06db25ea1d3138b8e19a18d248df56a04200f9e54edfed850d018d2bb62 | Triage

Submit
Reports

Overview

overview

Static

static

1

run32dll.exe

windows7_x64

run32dll.exe

windows10_x64

Sharing

General

Target

run32dll.exe
Size

412KB
Sample

201103-jxh1few912
MD5

677f9f62a49e9a2a2212ed2f6e7dd545
SHA1

df2d854aa894676f7d7c3bd9eb833fe955575a6f
SHA256

bf9eb06db25ea1d3138b8e19a18d248df56a04200f9e54edfed850d018d2bb62
SHA512

c52d26091975936bc950bbdf20714859f4ea2eb27dd7aae42ac998a5600364b3f8e2521e734baea73da7e011a516f7cf8103c81516fb811937eca0be30d13e4a

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

run32dll.exe

Resource

win7v20201028

osiris banker botnet

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

run32dll.exe

Resource

win10v20201028

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  run32dll.exe
- Size
  
  412KB
- MD5
  
  677f9f62a49e9a2a2212ed2f6e7dd545
- SHA1
  
  df2d854aa894676f7d7c3bd9eb833fe955575a6f
- SHA256
  
  bf9eb06db25ea1d3138b8e19a18d248df56a04200f9e54edfed850d018d2bb62
- SHA512
  
  c52d26091975936bc950bbdf20714859f4ea2eb27dd7aae42ac998a5600364b3f8e2521e734baea73da7e011a516f7cf8103c81516fb811937eca0be30d13e4a
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet

© 2018-2024

Terms | Privacy