osiris | aafa83d5e0619e69e64fcac4626cfb298baac54c7251f479721df1c2eb16bee7 | Triage

Sharing

General

Target

aafa83d5e0619e69e64fcac4626cfb298baac54c7251f479721df1c2eb16bee7
Size

639KB
Sample

220128-xn36vababp
MD5

8ed076f9b5d1287b3ab2adef74d0ecdb
SHA1

5751e93c32b250c816a708aaa11d281a3551cafb
SHA256

aafa83d5e0619e69e64fcac4626cfb298baac54c7251f479721df1c2eb16bee7
SHA512

786be06b66b9a22be234e94eb49f6d32f8634bda8ec5c29ccfdb9a283cdf6675b744c087b8fa483a9af842776c049a49608e6c1af28cc291149ed405a2d63b7a

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  aafa83d5e0619e69e64fcac4626cfb298baac54c7251f479721df1c2eb16bee7
- Size
  
  639KB
- MD5
  
  8ed076f9b5d1287b3ab2adef74d0ecdb
- SHA1
  
  5751e93c32b250c816a708aaa11d281a3551cafb
- SHA256
  
  aafa83d5e0619e69e64fcac4626cfb298baac54c7251f479721df1c2eb16bee7
- SHA512
  
  786be06b66b9a22be234e94eb49f6d32f8634bda8ec5c29ccfdb9a283cdf6675b744c087b8fa483a9af842776c049a49608e6c1af28cc291149ed405a2d63b7a
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet