General
-
Target
5e240877008b5a5cdd5b9f84fb53760ee68268e935588b625f414ad633c727a0
-
Size
527KB
-
Sample
210922-qmvprafdbl
-
MD5
5764f48fdd3277b92114e60010f14fde
-
SHA1
759ca2314be4f0fa951ac4d410f1db79b594dc78
-
SHA256
5e240877008b5a5cdd5b9f84fb53760ee68268e935588b625f414ad633c727a0
-
SHA512
06af25640135771564c18f97294f23b5640991222c20a02004b860694025173c5ac9379e39656d8326da4effb14ef615546fea865ec3745a94f82f64ef311f64
Malware Config
Targets
-
-
Target
5e240877008b5a5cdd5b9f84fb53760ee68268e935588b625f414ad633c727a0
-
Size
527KB
-
MD5
5764f48fdd3277b92114e60010f14fde
-
SHA1
759ca2314be4f0fa951ac4d410f1db79b594dc78
-
SHA256
5e240877008b5a5cdd5b9f84fb53760ee68268e935588b625f414ad633c727a0
-
SHA512
06af25640135771564c18f97294f23b5640991222c20a02004b860694025173c5ac9379e39656d8326da4effb14ef615546fea865ec3745a94f82f64ef311f64
Score10/10-
Osiris
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of SetThreadContext
-