osiris | 28f78b7b403a48c75b261ac096f37b652eedce6548ca96243f12a6a2384a2290 | Triage

Sharing

General

Target

28f78b7b403a48c75b261ac096f37b652eedce6548ca96243f12a6a2384a2290
Size

737KB
Sample

220615-tb9ajseahn
MD5

1f123edf412b54499bda71c840fdbb0e
SHA1

a353a9e9b49fbc5b6a3ee44a2d0d63f692be9c22
SHA256

28f78b7b403a48c75b261ac096f37b652eedce6548ca96243f12a6a2384a2290
SHA512

8b89db45a0e1bb1af0a180fc6562b2b32bc1d3baf0ef1d779fe7473484f16b1f0e8fa7ef38be9ce7252d6eefc9b8fe02fb622ddf1408411ea064c486e9ecee25

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  28f78b7b403a48c75b261ac096f37b652eedce6548ca96243f12a6a2384a2290
- Size
  
  737KB
- MD5
  
  1f123edf412b54499bda71c840fdbb0e
- SHA1
  
  a353a9e9b49fbc5b6a3ee44a2d0d63f692be9c22
- SHA256
  
  28f78b7b403a48c75b261ac096f37b652eedce6548ca96243f12a6a2384a2290
- SHA512
  
  8b89db45a0e1bb1af0a180fc6562b2b32bc1d3baf0ef1d779fe7473484f16b1f0e8fa7ef38be9ce7252d6eefc9b8fe02fb622ddf1408411ea064c486e9ecee25
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet