osiris | 41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de | Triage

Sharing

General

Target

41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
Size

483KB
Sample

220708-g7j93sdbek
MD5

fd1c4247cd271a501417f076da34e3fa
SHA1

2ae61e49bbc9ae3439402ab637a6ff91a716e25f
SHA256

41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
SHA512

739c8adea98b4dd3939e4e7f03d466bd3b9a24e050745d5f270e98f392b28f67b589895ea45c255b1104cf31a573b55237ed5ebf54ad41dd16d144e04812b1d2

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
- Size
  
  483KB
- MD5
  
  fd1c4247cd271a501417f076da34e3fa
- SHA1
  
  2ae61e49bbc9ae3439402ab637a6ff91a716e25f
- SHA256
  
  41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
- SHA512
  
  739c8adea98b4dd3939e4e7f03d466bd3b9a24e050745d5f270e98f392b28f67b589895ea45c255b1104cf31a573b55237ed5ebf54ad41dd16d144e04812b1d2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet