osiris | d0ac1b89cd4522882989b06c18ef2b80b05e07d64de1f562f79e2d631536fed3 | Triage

Submit
Reports

Overview

overview

Static

static

malware.js

windows7_x64

3

malware.js

windows10_x64

Sharing

General

Target

malware.js
Size

2.5MB
Sample

210722-837q3gwvfx
MD5

01ccfabf585a85f66195351871b9b467
SHA1

1b579fc4810d854da3bc59cc0024a368387423e4
SHA256

d0ac1b89cd4522882989b06c18ef2b80b05e07d64de1f562f79e2d631536fed3
SHA512

ce08769df3983ed9dd53189dcc1ad1887112cc65c8633a1fe333176afbe55194473e601df3c0757a0e2066d0c4b372f69e3706e5fa0d805dffec326807fdb05e

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

malware.js

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

malware.js

Resource

win10v20210408

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  malware.js
- Size
  
  2.5MB
- MD5
  
  01ccfabf585a85f66195351871b9b467
- SHA1
  
  1b579fc4810d854da3bc59cc0024a368387423e4
- SHA256
  
  d0ac1b89cd4522882989b06c18ef2b80b05e07d64de1f562f79e2d631536fed3
- SHA512
  
  ce08769df3983ed9dd53189dcc1ad1887112cc65c8633a1fe333176afbe55194473e601df3c0757a0e2066d0c4b372f69e3706e5fa0d805dffec326807fdb05e
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2

osirisbankerbotnet

© 2018-2024

Terms | Privacy