osiris | 67d058d7954c3128fee1d6fcfd8a90eeab4f1470bf4f34169f087364fe7c3941 | Triage

Sharing

General

Target

67d058d7954c3128fee1d6fcfd8a90eeab4f1470bf4f34169f087364fe7c3941
Size

434KB
Sample

210930-qmg4nahgf2
MD5

24aa6264150275bdebc45d92cae491e0
SHA1

0a491be9ce26a0bca047fad405015e5d1bc82b2b
SHA256

67d058d7954c3128fee1d6fcfd8a90eeab4f1470bf4f34169f087364fe7c3941
SHA512

da0cb2bd2e2d83a3297291499a0c4d6be5fd5b7b1c5793f5ee2de5a62695c14a14d31f61de66867a2d6eafb396cab4f7a0aa11f34d0d13096226807db0fde989

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  67d058d7954c3128fee1d6fcfd8a90eeab4f1470bf4f34169f087364fe7c3941
- Size
  
  434KB
- MD5
  
  24aa6264150275bdebc45d92cae491e0
- SHA1
  
  0a491be9ce26a0bca047fad405015e5d1bc82b2b
- SHA256
  
  67d058d7954c3128fee1d6fcfd8a90eeab4f1470bf4f34169f087364fe7c3941
- SHA512
  
  da0cb2bd2e2d83a3297291499a0c4d6be5fd5b7b1c5793f5ee2de5a62695c14a14d31f61de66867a2d6eafb396cab4f7a0aa11f34d0d13096226807db0fde989
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet