osiris | 1a62aee18b370678c1f2548f9df718ed7d1116be318069f322fa938722f0b15c | Triage

Submit
Reports

Overview

overview

Static

static

ExtendEXE

windows10_x64

Sharing

General

Target

asdkqw9uekmkvncmniudsheq.exe
Size

1.7MB
Sample

210424-jhcatltz52
MD5

0bd58bdac43ab10d35d40120cd120fe0
SHA1

d27a84dd4541bdd6a1fe8d6b2efb653249e01d93
SHA256

1a62aee18b370678c1f2548f9df718ed7d1116be318069f322fa938722f0b15c
SHA512

d0166b8da20a73df38b91b0a11e661bd83550a2a462da1ae3f2d929a4cd39afa093b32eb20a1b4ef835ad3a66eeca382a3128bc6c0915834f3c4917e36691657

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

asdkqw9uekmkvncmniudsheq.exe

Resource

win10v20210410

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  asdkqw9uekmkvncmniudsheq.exe
- Size
  
  1.7MB
- MD5
  
  0bd58bdac43ab10d35d40120cd120fe0
- SHA1
  
  d27a84dd4541bdd6a1fe8d6b2efb653249e01d93
- SHA256
  
  1a62aee18b370678c1f2548f9df718ed7d1116be318069f322fa938722f0b15c
- SHA512
  
  d0166b8da20a73df38b91b0a11e661bd83550a2a462da1ae3f2d929a4cd39afa093b32eb20a1b4ef835ad3a66eeca382a3128bc6c0915834f3c4917e36691657
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

© 2018-2024

Terms | Privacy