osiris | 7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...46.exe

windows7_x64

SecuriteIn...46.exe

windows10_x64

Resubmissions

18-04-2024 08:49

240418-krfthagd74 10

18-04-2024 08:48

240418-kqsrnsgd65 10

18-04-2024 08:48

240418-kqr55shg3z 10

18-04-2024 08:48

240418-kqmwesgd62 10

18-04-2024 08:48

240418-kqmknahg3w 10

Sharing

General

Target

SecuriteInfo.com.BackDoor.Rat.281.18292.12946
Size

1.4MB
Sample

210615-n162cadl7e
MD5

793707365df26450bc8642f518a540f0
SHA1

66649127ad784288c393992971a197c10f86a8eb
SHA256

7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
SHA512

550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695

Score

10^/10

osiris banker botnet spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe

Resource

win7v20210410

osiris banker botnet spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.BackDoor.Rat.281.18292.12946.exe

Resource

win10v20210408

osiris banker botnet spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.BackDoor.Rat.281.18292.12946
- Size
  
  1.4MB
- MD5
  
  793707365df26450bc8642f518a540f0
- SHA1
  
  66649127ad784288c393992971a197c10f86a8eb
- SHA256
  
  7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217
- SHA512
  
  550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695
Score

10^/10

osiris banker botnet spyware stealer
- Osiris
  banker botnet osiris
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnetspywarestealer

behavioral2

osirisbankerbotnetspywarestealer

© 2018-2024

Terms | Privacy