osiris | 255bed9e671ca88c25bf4603d231428430e2dcd0b1576054e5b9a03a35f54eda | Triage

Sharing

General

Target

255bed9e671ca88c25bf4603d231428430e2dcd0b1576054e5b9a03a35f54eda
Size

680KB
Sample

220611-x132lshdc6
MD5

bf541e2ca422c6e7a7faa51f9303dbce
SHA1

23546facf87a1b5a278db8ce799cd79f52c16f5d
SHA256

255bed9e671ca88c25bf4603d231428430e2dcd0b1576054e5b9a03a35f54eda
SHA512

f23900e6b01e03ff883cc98a82de08a5d166612f831e827a39cc701324ce5446224f3537f1e2915642587c0e3e34a9ee25d99fd1dfb7f9a4f281fb5c0081788d

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  255bed9e671ca88c25bf4603d231428430e2dcd0b1576054e5b9a03a35f54eda
- Size
  
  680KB
- MD5
  
  bf541e2ca422c6e7a7faa51f9303dbce
- SHA1
  
  23546facf87a1b5a278db8ce799cd79f52c16f5d
- SHA256
  
  255bed9e671ca88c25bf4603d231428430e2dcd0b1576054e5b9a03a35f54eda
- SHA512
  
  f23900e6b01e03ff883cc98a82de08a5d166612f831e827a39cc701324ce5446224f3537f1e2915642587c0e3e34a9ee25d99fd1dfb7f9a4f281fb5c0081788d
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet