osiris | 82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca | Triage

Sharing

General

Target

82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
Size

434KB
Sample

210922-qned6acgg5
MD5

4b8ea3f7be543e21300e56992b08d6ab
SHA1

dcfbb5dd3087ec2edc6c3a779916b1b2585d42eb
SHA256

82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
SHA512

ddfd79e32c248cc0419ab37f368247e8bae1d9ff83f86665b24e523a97bc584a3a5c3c26b97c78944439279001e76a1e97efebb52750362e62b9deea4b78bfb2

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
- Size
  
  434KB
- MD5
  
  4b8ea3f7be543e21300e56992b08d6ab
- SHA1
  
  dcfbb5dd3087ec2edc6c3a779916b1b2585d42eb
- SHA256
  
  82b13cf8f768b3830b50622eba4da3593a8a724ffcefd55793ee87a4f0ea57ca
- SHA512
  
  ddfd79e32c248cc0419ab37f368247e8bae1d9ff83f86665b24e523a97bc584a3a5c3c26b97c78944439279001e76a1e97efebb52750362e62b9deea4b78bfb2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet