osiris | b925c85f01a5623f5c117ef862984252376c761f3ab5a3413c217823c1a67421 | Triage

Sharing

General

Target

b925c85f01a5623f5c117ef862984252376c761f3ab5a3413c217823c1a67421
Size

724KB
Sample

220724-v12gnscfgj
MD5

d3a09aed1ef8d187dbdb7a425058ffc3
SHA1

2904d28d295160f8ac6ae4234e9c9cfd3af5f680
SHA256

b925c85f01a5623f5c117ef862984252376c761f3ab5a3413c217823c1a67421
SHA512

6bbeca556699d36672b46b476d1d5ca8ae9ed95627afea53054c99e2cee6140409a23603ecb96a1d6f59d257f24d2303b2c2fca1600b56ef15dfb11bbb00883b

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  b925c85f01a5623f5c117ef862984252376c761f3ab5a3413c217823c1a67421
- Size
  
  724KB
- MD5
  
  d3a09aed1ef8d187dbdb7a425058ffc3
- SHA1
  
  2904d28d295160f8ac6ae4234e9c9cfd3af5f680
- SHA256
  
  b925c85f01a5623f5c117ef862984252376c761f3ab5a3413c217823c1a67421
- SHA512
  
  6bbeca556699d36672b46b476d1d5ca8ae9ed95627afea53054c99e2cee6140409a23603ecb96a1d6f59d257f24d2303b2c2fca1600b56ef15dfb11bbb00883b
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet