Overview

overview

10

Static

static

605255cd41...60.exe

windows7_x64

8

605255cd41...60.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    18-05-2021 12:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260.exe

  • Size

    459KB

  • MD5

    4e49a88d489d88f3cdfee9fa077ef865

  • SHA1

    34f205c4c3a356eb0793850d6953802283e55c57

  • SHA256

    605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260

  • SHA512

    559c4e67e078a663ed6e76c03b1d0b432e7eb3471f543efdf2e77938724334880db65418bb9773a4ed089add2a280b99b44942d0cf786be13783de6dcd8887b3

Score
10/10
osirisbankerbotnet

Malware Config

Signatures

  • Osiris
    bankerbotnetosiris
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260.exe
    "C:\Users\Admin\AppData\Local\Temp\605255cd417fde0180da116df7deeba2a7a0db6dcda35baf5f68ef8a97449260.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
      "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
      2⤵
      • Executes dropped EXE
      PID:2172

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\x64btit.txt
    MD5

    7d64442a03a2e9f258748a012ad23e2a

    SHA1

    6714195b3718c09842d7063c6bd126bc11c51dd1

    SHA256

    b1a445660b1f62c0e0ad902ea2a8b22eee874cc6e37e8d919d481b64ba0e14a3

    SHA512

    d7c18f59e389a80a63331697c44f5d07a42c9f4dd2cb2fd160276bc32da24d259d1ed088c41f47651a9ba2133a6d28c5a1e05af7ed042c64eb070f5779ab0b5d

    Download Submit
  • memory/2172-116-0x0000000000000000-mapping.dmp
    Download
  • memory/2228-114-0x0000000008860000-0x00000000088B4000-memory.dmp
    Filesize

    336KB

    Download
  • memory/2228-115-0x0000000000400000-0x0000000006C5A000-memory.dmp
    Filesize

    104.4MB

    Download
  • memory/2228-119-0x0000000008910000-0x00000000089AF000-memory.dmp
    Filesize

    636KB

    Download