osiris | 45b8f4130d70db6e59cc17cae406798f5e40f97f460caf032d59b2a1715ec33c | Triage

Resubmissions

22-09-2021 14:37

210922-ry949adad8 10

Sharing

General

Target

45b8f4130d70db6e59cc17cae406798f5e40f97f460caf032d59b2a1715ec33c
Size

1.2MB
Sample

210922-ry949adad8
MD5

9d06f72aeb10616c07e774187dfdce95
SHA1

9c71200fd05f22fa12971c0ad4232d4fc169430d
SHA256

45b8f4130d70db6e59cc17cae406798f5e40f97f460caf032d59b2a1715ec33c
SHA512

e1bf5a51c59420355c1bae2c241d52e007a60fddb5847647e49c71b65abd1210d87a5cdb23ea62e7e2863bd86bb99ae89cd66767c906e8322634dc33ec454843

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  45b8f4130d70db6e59cc17cae406798f5e40f97f460caf032d59b2a1715ec33c
- Size
  
  1.2MB
- MD5
  
  9d06f72aeb10616c07e774187dfdce95
- SHA1
  
  9c71200fd05f22fa12971c0ad4232d4fc169430d
- SHA256
  
  45b8f4130d70db6e59cc17cae406798f5e40f97f460caf032d59b2a1715ec33c
- SHA512
  
  e1bf5a51c59420355c1bae2c241d52e007a60fddb5847647e49c71b65abd1210d87a5cdb23ea62e7e2863bd86bb99ae89cd66767c906e8322634dc33ec454843
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet