General

  • Target

    6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3.zip

  • Size

    481KB

  • Sample

    210404-pe8qwwv14x

  • MD5

    ba76e79a083fa07e8fed1a7c650ae21d

  • SHA1

    bfd2dcdb58052ac06f57842e1a3c0e6229722c4b

  • SHA256

    93f2dc37243ae1365ee519eaa6042aa5762e5e18fef8cb7e4bc7b657525c6895

  • SHA512

    58d91a127f5a56f20686e6f6ad0f810335a88683f079c77057629adf15796953a1a757bc48ad76ffbfe2c63428ad062c8c70a8d145d0cb6ac1aafaa5d537a25e

  • Score

    10/10

Malware Config

Targets

    • Target

      6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3.js

    • Size

      2.5MB

    • MD5

      d7445ce4be501700003a79023147e9b9

    • SHA1

      2d80ceba1af9a16ef2b8186c5f46a19e984837f3

    • SHA256

      6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3

    • SHA512

      61d1c6d20b793b3f47143db918b66f8968cb43b0f5aee20d73ce009e6c2f924336a7f58b10ba631bff164371a9e80787ae3ac50caaa1943b57750b788db3ddc2

    • Score

      10/10

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    • Command-Line Interface: T1059 (1)

  • Discovery

    • System Information Discovery: T1082 (2)

    • Process Discovery: T1057 (1)

  • Command and Control

    • Connection Proxy: T1090 (1)