osiris | 53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89 | Triage

Sharing

General

Target

53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89
Size

566KB
Sample

210922-ql9saafdbj
MD5

0e182fa82cebb7c71134d22645d7181c
SHA1

620ce9d1e80005fa11747ed2223e79c710774c87
SHA256

53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89
SHA512

1d3cf14c638beff88eb06fcffbc22a1e7cfcbca3dd7c21d960f82a5f40f65a3469519cd35ac6960e1d9ef959208132ed362bd25ae612832baeced75ce003145a

Score

10^/10

osiris banker botnet persistence

Malware Config

Targets

- Target
  
  53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89
- Size
  
  566KB
- MD5
  
  0e182fa82cebb7c71134d22645d7181c
- SHA1
  
  620ce9d1e80005fa11747ed2223e79c710774c87
- SHA256
  
  53a06e86b64819a4b21977584c5ee1591c0299d45ebdaad1306b852c64ec5f89
- SHA512
  
  1d3cf14c638beff88eb06fcffbc22a1e7cfcbca3dd7c21d960f82a5f40f65a3469519cd35ac6960e1d9ef959208132ed362bd25ae612832baeced75ce003145a
Score

10^/10

osiris banker botnet persistence
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Connection Proxy

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnetpersistence

behavioral2

osirisbankerbotnetpersistence