osiris | 577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764 | Triage

Resubmissions

18-04-2024 08:52

240418-ksvn2sge34 10

18-04-2024 08:51

240418-ksn69sge27 10

18-04-2024 08:51

240418-ksnkqshg71 10

18-04-2024 08:51

240418-ksmy7sge25 10

18-04-2024 08:51

240418-ksmcnsge24 10

Sharing

General

Target

577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
Size

566KB
Sample

210913-j8gaxsdch6
MD5

1082785e3304ebb4bdd4add5623fb35e
SHA1

b9c461bae25cc7ce131350d9a5a0b433b5daed27
SHA256

577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
SHA512

16436efc6aa97769f3e4290387172a902e08af3eb98272517ff73de4938533af0352a4d1dc034ec43ab7291c0beca968b08023fb2b6d927d496644d6282ee01d

Score

10^/10

osiris banker botnet persistence

Malware Config

Targets

- Target
  
  577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
- Size
  
  566KB
- MD5
  
  1082785e3304ebb4bdd4add5623fb35e
- SHA1
  
  b9c461bae25cc7ce131350d9a5a0b433b5daed27
- SHA256
  
  577357bf7d715950aa9401b25029926f052c742ffd558ddc44853629245eb764
- SHA512
  
  16436efc6aa97769f3e4290387172a902e08af3eb98272517ff73de4938533af0352a4d1dc034ec43ab7291c0beca968b08023fb2b6d927d496644d6282ee01d
Score

10^/10

osiris banker botnet persistence
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Connection Proxy

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnetpersistence

behavioral2

osirisbankerbotnetpersistence