osiris | 81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb | Triage

Resubmissions

22-09-2021 14:35

210922-ryctradad5 10

Sharing

General

Target

81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb
Size

1.2MB
Sample

210922-ryctradad5
MD5

a1f481baa8334ad8a5c65919af2b6346
SHA1

aec7cd3a72d96948bf741bba48048c1b5cf3f036
SHA256

81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb
SHA512

e0c28dabe65224c2a40612e18807dc7ccdb58168be304f38f625936b1ebbdf1a6233f6e8f3d3a676e9c82ae3d9e6477cdeac8299c670ae3676b3ca4c3fc434a8

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb
- Size
  
  1.2MB
- MD5
  
  a1f481baa8334ad8a5c65919af2b6346
- SHA1
  
  aec7cd3a72d96948bf741bba48048c1b5cf3f036
- SHA256
  
  81e2ddde718f731a46f765b613be06c7f77a5f43436c542fe5ac7218108228fb
- SHA512
  
  e0c28dabe65224c2a40612e18807dc7ccdb58168be304f38f625936b1ebbdf1a6233f6e8f3d3a676e9c82ae3d9e6477cdeac8299c670ae3676b3ca4c3fc434a8
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet