osiris | 13546a3fb478c1bcfa4bf5b9ef67ab8c6782e9395200eb3a9dc473e010486f2a | Triage

Sharing

General

Target

13546a3fb478c1bcfa4bf5b9ef67ab8c6782e9395200eb3a9dc473e010486f2a
Size

478KB
Sample

220603-hbdcbsfger
MD5

468d5048217542d4c0488b61343a9c12
SHA1

9b1a64015c850b4920751b82edebdb1057d9d7ab
SHA256

13546a3fb478c1bcfa4bf5b9ef67ab8c6782e9395200eb3a9dc473e010486f2a
SHA512

872eef12525f9d508b8da870f58db32efb4ee8c39a4382b36067dd658df033653aa98daec3c4b9da4d940a7f77ebffc92e4c18d410af888c75fea97aaddb262a

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  13546a3fb478c1bcfa4bf5b9ef67ab8c6782e9395200eb3a9dc473e010486f2a
- Size
  
  478KB
- MD5
  
  468d5048217542d4c0488b61343a9c12
- SHA1
  
  9b1a64015c850b4920751b82edebdb1057d9d7ab
- SHA256
  
  13546a3fb478c1bcfa4bf5b9ef67ab8c6782e9395200eb3a9dc473e010486f2a
- SHA512
  
  872eef12525f9d508b8da870f58db32efb4ee8c39a4382b36067dd658df033653aa98daec3c4b9da4d940a7f77ebffc92e4c18d410af888c75fea97aaddb262a
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet