osiris | 84232b982982de6271ce4f7a79e42b6aa9c141d826f9bdf902ea2697ee9ebe1b | Triage

Sharing

General

Target

84232b982982de6271ce4f7a79e42b6aa9c141d826f9bdf902ea2697ee9ebe1b
Size

729KB
Sample

220724-x6dznsded9
MD5

ceafc5c7f3e853cd6649c80f98f14679
SHA1

ca8a755401d205f878a04b1d99ea52a8c15f5cc1
SHA256

84232b982982de6271ce4f7a79e42b6aa9c141d826f9bdf902ea2697ee9ebe1b
SHA512

d89c6486e71d6ca8a37021f78f7fac04e527e509899c9ca17165e923ace7294faab9d7b8861a2a5611270fbf691ea56e5e548ee99654d0d3a7a5d7161d5ed37e

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  84232b982982de6271ce4f7a79e42b6aa9c141d826f9bdf902ea2697ee9ebe1b
- Size
  
  729KB
- MD5
  
  ceafc5c7f3e853cd6649c80f98f14679
- SHA1
  
  ca8a755401d205f878a04b1d99ea52a8c15f5cc1
- SHA256
  
  84232b982982de6271ce4f7a79e42b6aa9c141d826f9bdf902ea2697ee9ebe1b
- SHA512
  
  d89c6486e71d6ca8a37021f78f7fac04e527e509899c9ca17165e923ace7294faab9d7b8861a2a5611270fbf691ea56e5e548ee99654d0d3a7a5d7161d5ed37e
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet