osiris | c73b23c726a09b76cc18db29ac476fbf9aee7b3557841b99cf3937f626e46e3a | Triage

Sharing

General

Target

c73b23c726a09b76cc18db29ac476fbf9aee7b3557841b99cf3937f626e46e3a
Size

742KB
Sample

220724-vycersceen
MD5

ca30b0c1e038037eabfa5a09432c07af
SHA1

e6e01736c6f381ef493b769f374577d719f521d6
SHA256

c73b23c726a09b76cc18db29ac476fbf9aee7b3557841b99cf3937f626e46e3a
SHA512

eb9112fb692f5e2bf6b6819503f813a41ed053bd95e8a56b892ac10706fb2361dc0ea17aaa9843d37587108a70dcd5430673f08f721c0024d26d7046125661bf

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  c73b23c726a09b76cc18db29ac476fbf9aee7b3557841b99cf3937f626e46e3a
- Size
  
  742KB
- MD5
  
  ca30b0c1e038037eabfa5a09432c07af
- SHA1
  
  e6e01736c6f381ef493b769f374577d719f521d6
- SHA256
  
  c73b23c726a09b76cc18db29ac476fbf9aee7b3557841b99cf3937f626e46e3a
- SHA512
  
  eb9112fb692f5e2bf6b6819503f813a41ed053bd95e8a56b892ac10706fb2361dc0ea17aaa9843d37587108a70dcd5430673f08f721c0024d26d7046125661bf
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet