General

  • Target

    Secure_Viewer.exe_

  • Size

    1.4MB

  • Sample

    210311-aaatl3tt96

  • MD5

    0c09489446c609ba6893455661948ac7

  • SHA1

    46e09d46a00ea8f151b661db6332c83695b1cf90

  • SHA256

    4807f8fce08612cc316476fe34aa497188810fc10102c6c07bf18142655eb252

  • SHA512

    07f3211408bb75cb25bad4042e3246320b38cd1d30d77635c38f12687bd90ca5b2f8241883aae0a956a606186b3ec0945dd4ad36c3944c1126aae98f2402ae06

Malware Config

Targets

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1

  • Command and Control

    Connection Proxy (T1090): 1

Tasks