osiris | a073b78de7b2b5d859a17812585f825fbf71fbd940fa208f6853c744c1c64359 | Triage

Sharing

General

Target

a073b78de7b2b5d859a17812585f825fbf71fbd940fa208f6853c744c1c64359
Size

629KB
Sample

220625-dex4padgd5
MD5

8086778c1015d255bfbf3558aa88c4e2
SHA1

23af1b1714fe0286a4031f2798ae19dd4f7305b6
SHA256

a073b78de7b2b5d859a17812585f825fbf71fbd940fa208f6853c744c1c64359
SHA512

1e9866e7da258279b3bad74b72d2e44eaa7e190f535d630e69206bdd22259889e58481ebd1128aae4006cd98843e5c03bda7feda0efc68eb6c843ed6f22516a2

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  a073b78de7b2b5d859a17812585f825fbf71fbd940fa208f6853c744c1c64359
- Size
  
  629KB
- MD5
  
  8086778c1015d255bfbf3558aa88c4e2
- SHA1
  
  23af1b1714fe0286a4031f2798ae19dd4f7305b6
- SHA256
  
  a073b78de7b2b5d859a17812585f825fbf71fbd940fa208f6853c744c1c64359
- SHA512
  
  1e9866e7da258279b3bad74b72d2e44eaa7e190f535d630e69206bdd22259889e58481ebd1128aae4006cd98843e5c03bda7feda0efc68eb6c843ed6f22516a2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet