osiris | 58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363 | Triage

Sharing

General

Target

58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363
Size

604KB
Sample

220625-g6ryjahcgj
MD5

64c9a022dc31aa09718455c6a128c4a0
SHA1

6d90828a3b4f2b4469cb87ce4aba6f51e689bb65
SHA256

58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363
SHA512

209ba13229acbe7453c83c2e7a8b01dbeb805347d2e9a2b3fa81822bde538b4a5e013b28439315e54de7e6278a5fce1b07d98ebb27661c4c089735e38c1d659a

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363
- Size
  
  604KB
- MD5
  
  64c9a022dc31aa09718455c6a128c4a0
- SHA1
  
  6d90828a3b4f2b4469cb87ce4aba6f51e689bb65
- SHA256
  
  58a27637b08f3e978f732e938868f4af3efcf80ac786bdbdcfb00a7a3dd39363
- SHA512
  
  209ba13229acbe7453c83c2e7a8b01dbeb805347d2e9a2b3fa81822bde538b4a5e013b28439315e54de7e6278a5fce1b07d98ebb27661c4c089735e38c1d659a
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet