osiris | 41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de | Triage

Sharing

General

Target

41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
Size

483KB
Sample

220708-g7j93sdbek
MD5

fd1c4247cd271a501417f076da34e3fa
SHA1

2ae61e49bbc9ae3439402ab637a6ff91a716e25f
SHA256

41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
SHA512

739c8adea98b4dd3939e4e7f03d466bd3b9a24e050745d5f270e98f392b28f67b589895ea45c255b1104cf31a573b55237ed5ebf54ad41dd16d144e04812b1d2

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
- Size
  
  483KB
- MD5
  
  fd1c4247cd271a501417f076da34e3fa
- SHA1
  
  2ae61e49bbc9ae3439402ab637a6ff91a716e25f
- SHA256
  
  41373529408c8e28b521bee7df87d96dcea5a506f5af9518e6ef3067929e69de
- SHA512
  
  739c8adea98b4dd3939e4e7f03d466bd3b9a24e050745d5f270e98f392b28f67b589895ea45c255b1104cf31a573b55237ed5ebf54ad41dd16d144e04812b1d2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet