osiris | ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511 | Triage

Submit
Reports

Overview

overview

Static

static

ExtendEXE

windows10_x64

Sharing

General

Target

doeihdsjfnajdfuewrywuefhsdkjaf.exe
Size

1.7MB
Sample

210424-2y6ag96nv6
MD5

4db5926d31dff252464855326a137e2f
SHA1

9cb531b8962467f54264da21426d23445a935ce4
SHA256

ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511
SHA512

71bda130ffb78a6bd1615984e599006bf6d8f1c5e182dffcb60a4e6a3ba162f6067c7de702f8e275fd9436ef18ab27b686ce75f254d1f40d3c560e7d3f6dc5c2

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

doeihdsjfnajdfuewrywuefhsdkjaf.exe

Resource

win10v20210410

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  doeihdsjfnajdfuewrywuefhsdkjaf.exe
- Size
  
  1.7MB
- MD5
  
  4db5926d31dff252464855326a137e2f
- SHA1
  
  9cb531b8962467f54264da21426d23445a935ce4
- SHA256
  
  ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511
- SHA512
  
  71bda130ffb78a6bd1615984e599006bf6d8f1c5e182dffcb60a4e6a3ba162f6067c7de702f8e275fd9436ef18ab27b686ce75f254d1f40d3c560e7d3f6dc5c2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

© 2018-2024

Terms | Privacy