osiris | 8dca437ddb1e4da984df797cfa3a3028b33b3e78fdeae7f0a2e6421bb7ff5fec | Triage

Sharing

General

Target

8dca437ddb1e4da984df797cfa3a3028b33b3e78fdeae7f0a2e6421bb7ff5fec
Size

460KB
Sample

220701-gl8esaegej
MD5

eb5171507f7ad50eb8ce6f56e0fc8155
SHA1

715b4a38f1503f7c5079210fcbd783a817f06c3f
SHA256

8dca437ddb1e4da984df797cfa3a3028b33b3e78fdeae7f0a2e6421bb7ff5fec
SHA512

28cbf3fc98b085ba3967b30da20421a6ed5ad7cd7605feb1afa4348c1bbcf93cd6d9c6b1cbd6fa3874649aab44a7e675609502567a9c3c5ad3fcd5d29bca3d92

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  8dca437ddb1e4da984df797cfa3a3028b33b3e78fdeae7f0a2e6421bb7ff5fec
- Size
  
  460KB
- MD5
  
  eb5171507f7ad50eb8ce6f56e0fc8155
- SHA1
  
  715b4a38f1503f7c5079210fcbd783a817f06c3f
- SHA256
  
  8dca437ddb1e4da984df797cfa3a3028b33b3e78fdeae7f0a2e6421bb7ff5fec
- SHA512
  
  28cbf3fc98b085ba3967b30da20421a6ed5ad7cd7605feb1afa4348c1bbcf93cd6d9c6b1cbd6fa3874649aab44a7e675609502567a9c3c5ad3fcd5d29bca3d92
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet