Overview

overview

10

Static

static

0664c46691...69.exe

windows7_x64

10

0664c46691...69.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    31-05-2022 06:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0664c46691135a3d6015354e0f0c54fd09fed20ab5b8b2582c799dfe35d2dd69.exe

  • Size

    507KB

  • MD5

    e38d0d5ef1f8dd657479d08248dd83a1

  • SHA1

    85df1e4f362b0bd9f48016b7f155aa757f7bc1d7

  • SHA256

    0664c46691135a3d6015354e0f0c54fd09fed20ab5b8b2582c799dfe35d2dd69

  • SHA512

    212d9a356406bacc8f8f388b195fd22fcf02757da5543e7a5f5d66d09b84ee310a9359cf8f979ee0923889862b48ba1ed02fb60fea0b4bd3486a930f4a3d690b

Score
10/10
osirisbankerbotnet

Malware Config

Signatures

  • Osiris
    bankerbotnetosiris
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0664c46691135a3d6015354e0f0c54fd09fed20ab5b8b2582c799dfe35d2dd69.exe
    "C:\Users\Admin\AppData\Local\Temp\0664c46691135a3d6015354e0f0c54fd09fed20ab5b8b2582c799dfe35d2dd69.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/776-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/776-55-0x0000000000320000-0x0000000000373000-memory.dmp
    Filesize

    332KB

    Download
  • memory/776-56-0x0000000000400000-0x0000000000485000-memory.dmp
    Filesize

    532KB

    Download
  • memory/776-57-0x0000000001DD0000-0x0000000001E75000-memory.dmp
    Filesize

    660KB

    Download
  • memory/776-58-0x0000000010000000-0x0000000010015000-memory.dmp
    Filesize

    84KB

    Download
  • memory/776-59-0x00000000002F0000-0x0000000000310000-memory.dmp
    Filesize

    128KB

    Download
  • memory/776-60-0x00000000002E0000-0x00000000002E5000-memory.dmp
    Filesize

    20KB

    Download
  • memory/776-61-0x0000000001DD0000-0x0000000001E75000-memory.dmp
    Filesize

    660KB

    Download