osiris.js

General

Target: osiris.js
Size: 2MB
Sample: 210305-32cfx2va5a
Score: 10/10
MD5: 93b238ff0ba3cb0c1921882d90502124
SHA1: 9aa505e0f1eb26ca769a715753450c47a89fdcdc
SHA256: 11c8dc17d50eb9393ca4b9db2ebf6be0989017cbabf39de8d0520e474ad40eb4
SHA512: d6c7f571b8124b315f1a4eaa5f2aef3772823709957df050a4641ff45429f4891d957a2d9c730d6636f26fa058b6c5cf3bc67107cf5c1de0f1b4c635b6779690

Signatures

  • Osiris

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Description

    Malware can proxy its traffic through Tor for more anonymity.

    TTPs

    Connection Proxy

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1
behavioral1: 3/10
behavioral2: 10/10