Overview

overview

10

Static

static

0430.exe

windows7_x64

10

0430.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0430.exe

  • Size

    1.2MB

  • Sample

    210926-gesezsedg8

  • MD5

    0f21bac0d5d8570953996a2aa417ddc3

  • SHA1

    68ccbb4e6d58ba69e1515ac0fe16a886b49ec01c

  • SHA256

    f919093797c9392b74e2c55de01ae57892d871a11752b945e291b270c076b732

  • SHA512

    3c779bf7a065f97e08c06704d4eb851597e9c46f18be71ecfaef51262859e98078eb1ec9fa354fa8cba26c753a2dbe4d3a6b763a3b9a15db63bf7a2596c11649

Score
10/10
osirisbankerbotnet

Malware Config

Targets

    • Target

      0430.exe

    • Size

      1.2MB

    • MD5

      0f21bac0d5d8570953996a2aa417ddc3

    • SHA1

      68ccbb4e6d58ba69e1515ac0fe16a886b49ec01c

    • SHA256

      f919093797c9392b74e2c55de01ae57892d871a11752b945e291b270c076b732

    • SHA512

      3c779bf7a065f97e08c06704d4eb851597e9c46f18be71ecfaef51262859e98078eb1ec9fa354fa8cba26c753a2dbe4d3a6b763a3b9a15db63bf7a2596c11649

    Score
    10/10
    osirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Tasks