osiris | 1aa2009bf625cdd1f9fce70863201c2c9fc8624edd89103fda2e49b50ba908f7 | Triage

Sharing

General

Target

530000.exe
Size

434KB
Sample

210224-e9y2gwkzr6
MD5

f5fb35e6942d61210079c3ea5a51493e
SHA1

6ddbb9e84ed595781814eadf07ec65e35350ab79
SHA256

1aa2009bf625cdd1f9fce70863201c2c9fc8624edd89103fda2e49b50ba908f7
SHA512

91856dec3eaa6418a1ea19d0094a27f11e25fc8c6e47492149e1f7bc7a22314e850f38a6104e5a130b99c4c18d44a50a0403ccb4c4bef6e72c73e6c51e978b37

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  530000.exe
- Size
  
  434KB
- MD5
  
  f5fb35e6942d61210079c3ea5a51493e
- SHA1
  
  6ddbb9e84ed595781814eadf07ec65e35350ab79
- SHA256
  
  1aa2009bf625cdd1f9fce70863201c2c9fc8624edd89103fda2e49b50ba908f7
- SHA512
  
  91856dec3eaa6418a1ea19d0094a27f11e25fc8c6e47492149e1f7bc7a22314e850f38a6104e5a130b99c4c18d44a50a0403ccb4c4bef6e72c73e6c51e978b37
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet