Overview

overview

10

Static

static

pancho.js

windows7_x64

5

pancho.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    pancho.js

  • Size

    2.5MB

  • Sample

    210120-cw9beztgtn

  • MD5

    bd52c3fcb98700992066743b021876dd

  • SHA1

    c711676cf2dadffa73b3bd03de01fc3e6ea4e892

  • SHA256

    a0081f88e43338810fe23bd2e1fba8857b45f4378df38fc0c217426468b924fc

  • SHA512

    24b6831f75736ba70ba8fd00263391e220c7e7cbf3c0d9ed1bfb24f92384a4694282509864d139950afaa910a2c278371354e61a51348b652419bd9c405d7e3b

Score
10/10
osirisbankerbotnetransomware

Malware Config

Targets

    • Target

      pancho.js

    • Size

      2.5MB

    • MD5

      bd52c3fcb98700992066743b021876dd

    • SHA1

      c711676cf2dadffa73b3bd03de01fc3e6ea4e892

    • SHA256

      a0081f88e43338810fe23bd2e1fba8857b45f4378df38fc0c217426468b924fc

    • SHA512

      24b6831f75736ba70ba8fd00263391e220c7e7cbf3c0d9ed1bfb24f92384a4694282509864d139950afaa910a2c278371354e61a51348b652419bd9c405d7e3b

    Score
    10/10
    ransomwareosirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Enumerates physical storage devices

      Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Tasks