osiris | 605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260 | Triage

Sharing

General

Target

605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260
Size

459KB
Sample

210518-dwl2x855ls
MD5

4e49a88d489d88f3cdfee9fa077ef865
SHA1

34f205c4c3a356eb0793850d6953802283e55c57
SHA256

605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260
SHA512

559c4e67e078a663ed6e76c03b1d0b432e7eb3471f543efdf2e77938724334880db65418bb9773a4ed089add2a280b99b44942d0cf786be13783de6dcd8887b3

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260
- Size
  
  459KB
- MD5
  
  4e49a88d489d88f3cdfee9fa077ef865
- SHA1
  
  34f205c4c3a356eb0793850d6953802283e55c57
- SHA256
  
  605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260
- SHA512
  
  559c4e67e078a663ed6e76c03b1d0b432e7eb3471f543efdf2e77938724334880db65418bb9773a4ed089add2a280b99b44942d0cf786be13783de6dcd8887b3
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2

osirisbankerbotnet