osiris | c0707259c84605cb9e9ffbf2aa84c57e67285450cc3c25689466d9774c837423 | Triage

Sharing

General

Target

c0707259c84605cb9e9ffbf2aa84c57e67285450cc3c25689466d9774c837423
Size

644KB
Sample

220724-2fsscsbbdk
MD5

52c48294e2bbeb15e9435529a4603372
SHA1

9d598a7171132584066a42e701f7c878c03f4d0a
SHA256

c0707259c84605cb9e9ffbf2aa84c57e67285450cc3c25689466d9774c837423
SHA512

2f84cf92b62fbc71e02df387fde3c7873d5c4e0d56115ef72a7dc5ac13b89f54dcdf76d57104ac333fb810d1d75682bcafadaf59e0d3e4bb09389470b195dd63

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  c0707259c84605cb9e9ffbf2aa84c57e67285450cc3c25689466d9774c837423
- Size
  
  644KB
- MD5
  
  52c48294e2bbeb15e9435529a4603372
- SHA1
  
  9d598a7171132584066a42e701f7c878c03f4d0a
- SHA256
  
  c0707259c84605cb9e9ffbf2aa84c57e67285450cc3c25689466d9774c837423
- SHA512
  
  2f84cf92b62fbc71e02df387fde3c7873d5c4e0d56115ef72a7dc5ac13b89f54dcdf76d57104ac333fb810d1d75682bcafadaf59e0d3e4bb09389470b195dd63
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet