osiris | 15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3 | Triage

Sharing

General

Target

15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3
Size

434KB
Sample

220119-s7mkzsbbhm
MD5

4336e6751deca7528cb55ab0f180227e
SHA1

c8d4c51628616a8402445d0159f5c2bd220a39ec
SHA256

15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3
SHA512

8115f838752c6e5578d6c908b9fd1adf6c246b236e90385ec98ffab1579e5738f17999b1b44affb5a10a6ca96a710a68a86ed3e3098539318071896330b397be

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3
- Size
  
  434KB
- MD5
  
  4336e6751deca7528cb55ab0f180227e
- SHA1
  
  c8d4c51628616a8402445d0159f5c2bd220a39ec
- SHA256
  
  15854a76db97918e152cabbd6ff921b7e71af57ea35b6a97e664e85214e0e6e3
- SHA512
  
  8115f838752c6e5578d6c908b9fd1adf6c246b236e90385ec98ffab1579e5738f17999b1b44affb5a10a6ca96a710a68a86ed3e3098539318071896330b397be
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet