osiris | 82c9134a4572b9f23a71f44457df5060d477e8d94b4db1ca9601da3ed9b0339d | Triage

Sharing

General

Target

82c9134a4572b9f23a71f44457df5060d477e8d94b4db1ca9601da3ed9b0339d
Size

766KB
Sample

210930-n5sxrshfbn
MD5

14c2c638949c4a8f5122ff2aadd8df47
SHA1

31475f4bf3b96b8225b8e082b9c1b46f551943d6
SHA256

82c9134a4572b9f23a71f44457df5060d477e8d94b4db1ca9601da3ed9b0339d
SHA512

bbd927bdbeb74af1a07ff03f25a2fc295ee513c0d0d5b5b88a4d05e993d3e42205bd607e57192456b257d6a7fd0b40f848a95580f6a912a3ae3ebfc839ce5f6c

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  82c9134a4572b9f23a71f44457df5060d477e8d94b4db1ca9601da3ed9b0339d
- Size
  
  766KB
- MD5
  
  14c2c638949c4a8f5122ff2aadd8df47
- SHA1
  
  31475f4bf3b96b8225b8e082b9c1b46f551943d6
- SHA256
  
  82c9134a4572b9f23a71f44457df5060d477e8d94b4db1ca9601da3ed9b0339d
- SHA512
  
  bbd927bdbeb74af1a07ff03f25a2fc295ee513c0d0d5b5b88a4d05e993d3e42205bd607e57192456b257d6a7fd0b40f848a95580f6a912a3ae3ebfc839ce5f6c
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet