osiris | 7780841e593f1b2773ccf3f941a9682ff07a02025325948a24eecb21e8071221 | Triage

Sharing

General

Target

7780841e593f1b2773ccf3f941a9682ff07a02025325948a24eecb21e8071221
Size

518KB
Sample

220625-genf2aadf3
MD5

767bab0aa3f85c2eb741ddfb305698b7
SHA1

ac25865ac9b2ba1fde9b321d76329c19e3003ccc
SHA256

7780841e593f1b2773ccf3f941a9682ff07a02025325948a24eecb21e8071221
SHA512

3717444bfa43fddb450a246e0283c04515b2dd714a98cb428674b690e85584e6fd95a303c802077f14c571fd9743bc4ba8d5f7e77e0be069f09287e85f7f6cf3

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  7780841e593f1b2773ccf3f941a9682ff07a02025325948a24eecb21e8071221
- Size
  
  518KB
- MD5
  
  767bab0aa3f85c2eb741ddfb305698b7
- SHA1
  
  ac25865ac9b2ba1fde9b321d76329c19e3003ccc
- SHA256
  
  7780841e593f1b2773ccf3f941a9682ff07a02025325948a24eecb21e8071221
- SHA512
  
  3717444bfa43fddb450a246e0283c04515b2dd714a98cb428674b690e85584e6fd95a303c802077f14c571fd9743bc4ba8d5f7e77e0be069f09287e85f7f6cf3
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet