osiris | 23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8 | Triage

Sharing

General

Target

23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
Size

461KB
Sample

220612-ahn4eaebgm
MD5

f38a6cdf89d7e22c8d5cd10f96bb578b
SHA1

4a7b9eabab7a078d16633e9ebd4371a8bf8ad111
SHA256

23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
SHA512

312d321db5b923f5b0388f2ee53dd18b7d268fd2831578b5d0a3e99a8761eebeb14c28a92743ae5e05ef2570e3d39e03b0991f7d4df7ccc165fae591b0a5db9f

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
- Size
  
  461KB
- MD5
  
  f38a6cdf89d7e22c8d5cd10f96bb578b
- SHA1
  
  4a7b9eabab7a078d16633e9ebd4371a8bf8ad111
- SHA256
  
  23d879005835999bd3c38410232c0997317bf221df5491989ec3a5463222c1f8
- SHA512
  
  312d321db5b923f5b0388f2ee53dd18b7d268fd2831578b5d0a3e99a8761eebeb14c28a92743ae5e05ef2570e3d39e03b0991f7d4df7ccc165fae591b0a5db9f
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet