osiris | 273ef7c5ccc5d20480bdabba96c277e27e2a7b9da0fa13dfd94791573d143209 | Triage

Sharing

General

Target

273ef7c5ccc5d20480bdabba96c277e27e2a7b9da0fa13dfd94791573d143209
Size

471KB
Sample

220616-f7wgnsgbb2
MD5

ef2e2f76b1102935ade79e5ecb86444f
SHA1

000f0796e14f4d96e1e56c108f57c7fa4f970c77
SHA256

273ef7c5ccc5d20480bdabba96c277e27e2a7b9da0fa13dfd94791573d143209
SHA512

84e5f7d1d6f0ad65662868d99ebf825182d73d19010db6854ede5ac0414fdce39659ed65a26641b171143d0646f734ab2e2bca4bd0157bf4b33bfd86f142470e

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  273ef7c5ccc5d20480bdabba96c277e27e2a7b9da0fa13dfd94791573d143209
- Size
  
  471KB
- MD5
  
  ef2e2f76b1102935ade79e5ecb86444f
- SHA1
  
  000f0796e14f4d96e1e56c108f57c7fa4f970c77
- SHA256
  
  273ef7c5ccc5d20480bdabba96c277e27e2a7b9da0fa13dfd94791573d143209
- SHA512
  
  84e5f7d1d6f0ad65662868d99ebf825182d73d19010db6854ede5ac0414fdce39659ed65a26641b171143d0646f734ab2e2bca4bd0157bf4b33bfd86f142470e
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2