osiris | 570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71 | Triage

Sharing

General

Target

570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
Size

566KB
Sample

220328-vtcjzaggck
MD5

16c5205bb1eb990e7ed725890defecce
SHA1

9e30385f4b548b6166086bc3096bcb692b18073f
SHA256

570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
SHA512

93e5380cb67a9bb33e989c5fb28cdef71a258c075856c5c2727bebf503100efda486f7003468b4d65d94e6e66a640d1fdafa4e3a670c6be9fe3192776ca58fda

Score

10^/10

osiris banker botnet persistence

Malware Config

Targets

- Target
  
  570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
- Size
  
  566KB
- MD5
  
  16c5205bb1eb990e7ed725890defecce
- SHA1
  
  9e30385f4b548b6166086bc3096bcb692b18073f
- SHA256
  
  570460fe5838196fe9684b2ef0e0c374c5c42c7623bf446faa87b0e9f68a5f71
- SHA512
  
  93e5380cb67a9bb33e989c5fb28cdef71a258c075856c5c2727bebf503100efda486f7003468b4d65d94e6e66a640d1fdafa4e3a670c6be9fe3192776ca58fda
Score

10^/10

osiris banker botnet persistence
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnetpersistence

behavioral2

osirisbankerbotnetpersistence