osiris | 1734c05884e55ddb98494e1e5489f8e65e27e5752384eaeddb8adbdcc3788a64 | Triage

Sharing

General

Target

1734c05884e55ddb98494e1e5489f8e65e27e5752384eaeddb8adbdcc3788a64
Size

434KB
Sample

210930-pew26shgbn
MD5

fd3312938db4f099372ee8f6cd664d46
SHA1

5fca27cf9c9ecaaffd1ee4ee7413bc4a36c59269
SHA256

1734c05884e55ddb98494e1e5489f8e65e27e5752384eaeddb8adbdcc3788a64
SHA512

d204112a5c6611c653f36cc67e69598209f70bfbfbfb0da2cb7333a287c6a28bb8a9331dfffcfb0465d77860917e0d5b903a637b0463e9b1b6d8fe6d577cca01

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  1734c05884e55ddb98494e1e5489f8e65e27e5752384eaeddb8adbdcc3788a64
- Size
  
  434KB
- MD5
  
  fd3312938db4f099372ee8f6cd664d46
- SHA1
  
  5fca27cf9c9ecaaffd1ee4ee7413bc4a36c59269
- SHA256
  
  1734c05884e55ddb98494e1e5489f8e65e27e5752384eaeddb8adbdcc3788a64
- SHA512
  
  d204112a5c6611c653f36cc67e69598209f70bfbfbfb0da2cb7333a287c6a28bb8a9331dfffcfb0465d77860917e0d5b903a637b0463e9b1b6d8fe6d577cca01
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet