osiris | 2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632 | Triage

Sharing

General

Target

2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632
Size

573KB
Sample

220621-xrlqzadaf3
MD5

8b16960a57d58c33caaa19bc139e3ebb
SHA1

f86cad09d3e1502f1b441148ea4c2bb47d3e6d38
SHA256

2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632
SHA512

53dd710d1c2f2f9a996065f03000b617466ff25d26d109c1fe35e0a1a88f7a54dcd2e982bd44d39d52e5cf2ce6857ea4fa0f659b26a53034c7a762920be16085

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632
- Size
  
  573KB
- MD5
  
  8b16960a57d58c33caaa19bc139e3ebb
- SHA1
  
  f86cad09d3e1502f1b441148ea4c2bb47d3e6d38
- SHA256
  
  2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632
- SHA512
  
  53dd710d1c2f2f9a996065f03000b617466ff25d26d109c1fe35e0a1a88f7a54dcd2e982bd44d39d52e5cf2ce6857ea4fa0f659b26a53034c7a762920be16085
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet