osiris | ef12c751bb9d44b426bd66f656db123b054e7f9d0defa006369ac12c490cada0 | Triage

Sharing

General

Target

ef12c751bb9d44b426bd66f656db123b054e7f9d0defa006369ac12c490cada0
Size

445KB
Sample

220724-rjx65sfbb6
MD5

3e31963742308f6e8df538854490df9d
SHA1

9a6d43d5bddbbd42ba84ba2792f60a4ae9d49087
SHA256

ef12c751bb9d44b426bd66f656db123b054e7f9d0defa006369ac12c490cada0
SHA512

8703450533e1dc7e62914ad862552d4019fc37dbf2b895c261a1a554311a0304b1e5370e1fbeafe2fdeec635b6b860c7912948d37e8eb64f1f4e53ac2b8737ba

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  ef12c751bb9d44b426bd66f656db123b054e7f9d0defa006369ac12c490cada0
- Size
  
  445KB
- MD5
  
  3e31963742308f6e8df538854490df9d
- SHA1
  
  9a6d43d5bddbbd42ba84ba2792f60a4ae9d49087
- SHA256
  
  ef12c751bb9d44b426bd66f656db123b054e7f9d0defa006369ac12c490cada0
- SHA512
  
  8703450533e1dc7e62914ad862552d4019fc37dbf2b895c261a1a554311a0304b1e5370e1fbeafe2fdeec635b6b860c7912948d37e8eb64f1f4e53ac2b8737ba
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet