osiris | c6f2c2312fe323ce670ae3409255baa8610d8128977c37d36813e4b097633eb9 | Triage

Sharing

General

Target

c6f2c2312fe323ce670ae3409255baa8610d8128977c37d36813e4b097633eb9
Size

434KB
Sample

210930-qlp3waaaal
MD5

6b7012b1d81d561a99c3736f695349eb
SHA1

4a6d7a195fb17bc14f1b578713fb251a176ad39f
SHA256

c6f2c2312fe323ce670ae3409255baa8610d8128977c37d36813e4b097633eb9
SHA512

e46916a7dced12163167d81788ab7404d2eb91fe4bfe1b10c5f34301e3768b391541df36ab7a41843f46b4fc9514ca3776db91aa7fe34709bbaf176a36e4454a

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  c6f2c2312fe323ce670ae3409255baa8610d8128977c37d36813e4b097633eb9
- Size
  
  434KB
- MD5
  
  6b7012b1d81d561a99c3736f695349eb
- SHA1
  
  4a6d7a195fb17bc14f1b578713fb251a176ad39f
- SHA256
  
  c6f2c2312fe323ce670ae3409255baa8610d8128977c37d36813e4b097633eb9
- SHA512
  
  e46916a7dced12163167d81788ab7404d2eb91fe4bfe1b10c5f34301e3768b391541df36ab7a41843f46b4fc9514ca3776db91aa7fe34709bbaf176a36e4454a
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet