Overview

overview

10

Static

static

2fc09dd012...32.exe

windows7_x64

10

2fc09dd012...32.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632

  • Size

    573KB

  • Sample

    220621-xrlqzadaf3

  • MD5

    8b16960a57d58c33caaa19bc139e3ebb

  • SHA1

    f86cad09d3e1502f1b441148ea4c2bb47d3e6d38

  • SHA256

    2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632

  • SHA512

    53dd710d1c2f2f9a996065f03000b617466ff25d26d109c1fe35e0a1a88f7a54dcd2e982bd44d39d52e5cf2ce6857ea4fa0f659b26a53034c7a762920be16085

Score
10/10
osirisbankerbotnet

Malware Config

Targets

    • Target

      2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632

    • Size

      573KB

    • MD5

      8b16960a57d58c33caaa19bc139e3ebb

    • SHA1

      f86cad09d3e1502f1b441148ea4c2bb47d3e6d38

    • SHA256

      2fc09dd0129e630bd1ab8e6e7406dedab6a21d366bfabf207b6085c8eb478632

    • SHA512

      53dd710d1c2f2f9a996065f03000b617466ff25d26d109c1fe35e0a1a88f7a54dcd2e982bd44d39d52e5cf2ce6857ea4fa0f659b26a53034c7a762920be16085

    Score
    10/10
    osirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Tasks