osiris | 23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8 | Triage

Sharing

General

Target

23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
Size

461KB
Sample

220612-ahn4eaebgm
MD5

f38a6cdf89d7e22c8d5cd10f96bb578b
SHA1

4a7b9eabab7a078d16633e9ebd4371a8bf8ad111
SHA256

23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
SHA512

312d321db5b923f5b0388f2ee53dd18b7d268fd2831578b5d0a3e99a8761eebeb14c28a92743ae5e05ef2570e3d39e03b0991f7d4df7ccc165fae591b0a5db9f

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
- Size
  
  461KB
- MD5
  
  f38a6cdf89d7e22c8d5cd10f96bb578b
- SHA1
  
  4a7b9eabab7a078d16633e9ebd4371a8bf8ad111
- SHA256
  
  23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
- SHA512
  
  312d321db5b923f5b0388f2ee53dd18b7d268fd2831578b5d0a3e99a8761eebeb14c28a92743ae5e05ef2570e3d39e03b0991f7d4df7ccc165fae591b0a5db9f
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet