osiris | 6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239 | Triage

Resubmissions

18-04-2024 05:14

240418-fxa3zsdd41 10

18-04-2024 05:14

240418-fw8mvsca99 10

18-04-2024 05:14

240418-fw642aca97 10

18-04-2024 05:14

240418-fw6hhaca96 10

18-04-2024 05:14

240418-fw5wzadd4y 10

22-09-2021 13:23

210922-qmv1hsfdbr 10

Sharing

General

Target

6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239
Size

434KB
Sample

210922-qmv1hsfdbr
MD5

556c756b428b0a6f1516de031c3bfdb3
SHA1

d4a8195611ac93a268b0ebdc14319a75de856725
SHA256

6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239
SHA512

0e6ffc8dd5dda62a3936a5ea311a9e7007f27ead2f86f9f3f17510a78d2181b16473c69b3b5aa465f68042adef0d95fa8403f9d5bb106dbb4896750caef60a26

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239
- Size
  
  434KB
- MD5
  
  556c756b428b0a6f1516de031c3bfdb3
- SHA1
  
  d4a8195611ac93a268b0ebdc14319a75de856725
- SHA256
  
  6b64ec1c1ec9e8eb486f721c283d377a2e52f177e9f947d0d217ce84685ed239
- SHA512
  
  0e6ffc8dd5dda62a3936a5ea311a9e7007f27ead2f86f9f3f17510a78d2181b16473c69b3b5aa465f68042adef0d95fa8403f9d5bb106dbb4896750caef60a26
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet