General
-
Target
osiris.js
-
Size
2.8MB
-
Sample
210305-32cfx2va5a
-
MD5
93b238ff0ba3cb0c1921882d90502124
-
SHA1
9aa505e0f1eb26ca769a715753450c47a89fdcdc
-
SHA256
11c8dc17d50eb9393ca4b9db2ebf6be0989017cbabf39de8d0520e474ad40eb4
-
SHA512
d6c7f571b8124b315f1a4eaa5f2aef3772823709957df050a4641ff45429f4891d957a2d9c730d6636f26fa058b6c5cf3bc67107cf5c1de0f1b4c635b6779690
Malware Config
Targets
-
-
Target
osiris.js
-
Size
2.8MB
-
MD5
93b238ff0ba3cb0c1921882d90502124
-
SHA1
9aa505e0f1eb26ca769a715753450c47a89fdcdc
-
SHA256
11c8dc17d50eb9393ca4b9db2ebf6be0989017cbabf39de8d0520e474ad40eb4
-
SHA512
d6c7f571b8124b315f1a4eaa5f2aef3772823709957df050a4641ff45429f4891d957a2d9c730d6636f26fa058b6c5cf3bc67107cf5c1de0f1b4c635b6779690
Score10/10-
Osiris
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of SetThreadContext
-