osiris | ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511 | Triage

Submit
Reports

Overview

overview

Static

static

ExtendEXE

windows10_x64

Sharing

General

Target

doeihdsjfnajdfuewrywuefhsdkjaf.exe
Size

1.7MB
Sample

210424-2y6ag96nv6
MD5

4db5926d31dff252464855326a137e2f
SHA1

9cb531b8962467f54264da21426d23445a935ce4
SHA256

ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511
SHA512

71bda130ffb78a6bd1615984e599006bf6d8f1c5e182dffcb60a4e6a3ba162f6067c7de702f8e275fd9436ef18ab27b686ce75f254d1f40d3c560e7d3f6dc5c2

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

doeihdsjfnajdfuewrywuefhsdkjaf.exe

Resource

win10v20210410

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  doeihdsjfnajdfuewrywuefhsdkjaf.exe
- Size
  
  1.7MB
- MD5
  
  4db5926d31dff252464855326a137e2f
- SHA1
  
  9cb531b8962467f54264da21426d23445a935ce4
- SHA256
  
  ef8ba7d931f440b4c611a539349cdef819f9d0def97dbfbdb694209d09cef511
- SHA512
  
  71bda130ffb78a6bd1615984e599006bf6d8f1c5e182dffcb60a4e6a3ba162f6067c7de702f8e275fd9436ef18ab27b686ce75f254d1f40d3c560e7d3f6dc5c2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

© 2018-2024

Terms | Privacy