osiris | 9093361386bcaa69f7a1da458a55d766248ce31c2533eeb5e71219ab90c74344 | Triage

Sharing

General

Target

9093361386bcaa69f7a1da458a55d766248ce31c2533eeb5e71219ab90c74344
Size

465KB
Sample

220724-2djrnsafg6
MD5

5256820c516e2d3f8d4f9ee900e643f4
SHA1

211f35a241ed5509b1fda5d08d7af89a8359ed4a
SHA256

9093361386bcaa69f7a1da458a55d766248ce31c2533eeb5e71219ab90c74344
SHA512

9d855c2eaa000d05ff2a63b59486f6fa79ebbd1873be7a8ad0f67584b82b1f2eb3b6d63b0357bf5461f4358db0254649233037c839f84d98c44d1d551583291b

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  9093361386bcaa69f7a1da458a55d766248ce31c2533eeb5e71219ab90c74344
- Size
  
  465KB
- MD5
  
  5256820c516e2d3f8d4f9ee900e643f4
- SHA1
  
  211f35a241ed5509b1fda5d08d7af89a8359ed4a
- SHA256
  
  9093361386bcaa69f7a1da458a55d766248ce31c2533eeb5e71219ab90c74344
- SHA512
  
  9d855c2eaa000d05ff2a63b59486f6fa79ebbd1873be7a8ad0f67584b82b1f2eb3b6d63b0357bf5461f4358db0254649233037c839f84d98c44d1d551583291b
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet