Overview

overview

10

Static

static

530000.exe

windows7_x64

10

530000.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    530000.exe

  • Size

    434KB

  • Sample

    210309-lc2gdaejhe

  • MD5

    b9a52ad5db64cdde1d471191e868f448

  • SHA1

    9a412d9504f442166794724884620f4e65a6e553

  • SHA256

    6e6dfb6c3ce7a1a428b51a52ab1a1bb625f791f207204c29efe8c554b37d5cfe

  • SHA512

    bbb6588175baff4883ba85e2573ff69f8130014e732fd6d9570f6d21246a846292b3a33b2ed5df3c3bfc60cb5da6c31e9f0c7a92498ae274393052320b0b23a1

Score
10/10
osirisbankerbotnet

Malware Config

Targets

    • Target

      530000.exe

    • Size

      434KB

    • MD5

      b9a52ad5db64cdde1d471191e868f448

    • SHA1

      9a412d9504f442166794724884620f4e65a6e553

    • SHA256

      6e6dfb6c3ce7a1a428b51a52ab1a1bb625f791f207204c29efe8c554b37d5cfe

    • SHA512

      bbb6588175baff4883ba85e2573ff69f8130014e732fd6d9570f6d21246a846292b3a33b2ed5df3c3bfc60cb5da6c31e9f0c7a92498ae274393052320b0b23a1

    Score
    10/10
    osirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Tasks