osiris | 82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca | Triage

Sharing

General

Target

82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
Size

434KB
Sample

210922-qned6acgg5
MD5

4b8ea3f7be543e21300e56992b08d6ab
SHA1

dcfbb5dd3087ec2edc6c3a779916b1b2585d42eb
SHA256

82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
SHA512

ddfd79e32c248cc0419ab37f368247e8bae1d9ff83f86665b24e523a97bc584a3a5c3c26b97c78944439279001e76a1e97efebb52750362e62b9deea4b78bfb2

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
- Size
  
  434KB
- MD5
  
  4b8ea3f7be543e21300e56992b08d6ab
- SHA1
  
  dcfbb5dd3087ec2edc6c3a779916b1b2585d42eb
- SHA256
  
  82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
- SHA512
  
  ddfd79e32c248cc0419ab37f368247e8bae1d9ff83f86665b24e523a97bc584a3a5c3c26b97c78944439279001e76a1e97efebb52750362e62b9deea4b78bfb2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet