Overview

overview

10

Static

static

malware.js

windows7_x64

3

malware.js

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    malware.js

  • Size

    2.5MB

  • Sample

    210722-837q3gwvfx

  • MD5

    01ccfabf585a85f66195351871b9b467

  • SHA1

    1b579fc4810d854da3bc59cc0024a368387423e4

  • SHA256

    d0ac1b89cd4522882989b06c18ef2b80b05e07d64de1f562f79e2d631536fed3

  • SHA512

    ce08769df3983ed9dd53189dcc1ad1887112cc65c8633a1fe333176afbe55194473e601df3c0757a0e2066d0c4b372f69e3706e5fa0d805dffec326807fdb05e

Score
10/10
osirisbankerbotnet

Malware Config

Targets

    • Target

      malware.js

    • Size

      2.5MB

    • MD5

      01ccfabf585a85f66195351871b9b467

    • SHA1

      1b579fc4810d854da3bc59cc0024a368387423e4

    • SHA256

      d0ac1b89cd4522882989b06c18ef2b80b05e07d64de1f562f79e2d631536fed3

    • SHA512

      ce08769df3983ed9dd53189dcc1ad1887112cc65c8633a1fe333176afbe55194473e601df3c0757a0e2066d0c4b372f69e3706e5fa0d805dffec326807fdb05e

    Score
    10/10
    osirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks