osiris | 1cd462020c2d71b99f86548ed284db7440e21fd203897715362caf8feba051b1 | Triage

Sharing

General

Target

1cd462020c2d71b99f86548ed284db7440e21fd203897715362caf8feba051b1
Size

471KB
Sample

220607-raqeyafce2
MD5

9292d0f25642e2ec149b335cdf87a897
SHA1

875d3e7d929ff9fcdce273c90b540dd150733a8a
SHA256

1cd462020c2d71b99f86548ed284db7440e21fd203897715362caf8feba051b1
SHA512

77eaf8a7127ddb10b8170d46fdee96b55a4bafda9155bfbd44f475745b734480c5686a822b3eb4c437f6fc2552efc4b9c76a83c556130b2bf6cb70a34bf69643

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  1cd462020c2d71b99f86548ed284db7440e21fd203897715362caf8feba051b1
- Size
  
  471KB
- MD5
  
  9292d0f25642e2ec149b335cdf87a897
- SHA1
  
  875d3e7d929ff9fcdce273c90b540dd150733a8a
- SHA256
  
  1cd462020c2d71b99f86548ed284db7440e21fd203897715362caf8feba051b1
- SHA512
  
  77eaf8a7127ddb10b8170d46fdee96b55a4bafda9155bfbd44f475745b734480c5686a822b3eb4c437f6fc2552efc4b9c76a83c556130b2bf6cb70a34bf69643
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet