Overview

overview

10

Static

static

5f0c8315f2...e8.exe

windows7-x64

10

5f0c8315f2...e8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    181s
  • max time network
    213s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2022 22:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8.exe

  • Size

    444KB

  • MD5

    3a23f339d858b6a7ab80e55b17a62359

  • SHA1

    4131bf4362d355287d98aa8abfa4d4565249e56d

  • SHA256

    5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8

  • SHA512

    db021a01b2d52203e803f1a3b3ff968af66981a2e5ef7b35df0773aeb7a8d62df90dfebf01e78f63d67493c0870b6d010b9656be09f41433baa3c32d5eb9bf69

Score
10/10
osirisbankerbotnet

Malware Config

Signatures

  • Osiris
    bankerbotnetosiris
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8.exe
    "C:\Users\Admin\AppData\Local\Temp\5f0c8315f2f19ff8a40ba018a4595ca5c25107d2929382b61ad970ad9081e2e8.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4216
    • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
      "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
      2⤵
      • Executes dropped EXE
      PID:1292

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
    Filesize

    3KB

    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
    Filesize

    3KB

    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\x64btit.txt
    Filesize

    28B

    MD5

    e1d31839eb02656cfc1a29bfde2a55a6

    SHA1

    64b229f1bfadc7ad4dbeb253417c391700fda7b3

    SHA256

    3e69497a43b8c89389fb597d662ae15a314454601e2eb702b8c3d0cfb904cb74

    SHA512

    ee7578f43d14c763fb8eb85a581b1f48d42a4d7dc053484288eafe3a1d7821d527f5da70fc7c39534aacda401d7820c80644b0d6b418e9a6eb56e1b9e13ef9cc

    Download Submit
  • memory/1292-136-0x0000000000000000-mapping.dmp
    Download
  • memory/4216-131-0x0000000000400000-0x000000000047C000-memory.dmp
    Filesize

    496KB

    Download
  • memory/4216-132-0x000000000063A000-0x000000000068F000-memory.dmp
    Filesize

    340KB

    Download
  • memory/4216-133-0x00000000005A0000-0x00000000005F4000-memory.dmp
    Filesize

    336KB

    Download
  • memory/4216-134-0x0000000000400000-0x000000000047C000-memory.dmp
    Filesize

    496KB

    Download
  • memory/4216-135-0x00000000009E0000-0x0000000000A7F000-memory.dmp
    Filesize

    636KB

    Download
  • memory/4216-139-0x000000000063A000-0x000000000068F000-memory.dmp
    Filesize

    340KB

    Download
  • memory/4216-141-0x0000000000400000-0x000000000047C000-memory.dmp
    Filesize

    496KB

    Download
  • memory/4216-142-0x00000000009E0000-0x0000000000A7F000-memory.dmp
    Filesize

    636KB

    Download