Overview

overview

10

Static

static

8

bbc8642f18...14.exe

windows7-x64

10

bbc8642f18...14.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbc8642f184ca267648daa057474219899d5ba04f5cef9e530eef99ce1bb9514

  • Size

    671KB

  • Sample

    220725-ahvaesehgp

  • MD5

    f6bdf58f0ab7ea76f7527953be3c514f

  • SHA1

    63f86c1d575bdcf1b6ac196daf5d6d641340e260

  • SHA256

    bbc8642f184ca267648daa057474219899d5ba04f5cef9e530eef99ce1bb9514

  • SHA512

    9b7eea48364d750f8fb42951f70e8368e8e537389852c62b79c63302e8635bdfd8a99bf462ffee4af595eeebea3053cef14d38f940ab076c114abe5c438a35e3

Score
10/10
osirisbankerbotnetupx

Malware Config

Targets

    • Target

      bbc8642f184ca267648daa057474219899d5ba04f5cef9e530eef99ce1bb9514

    • Size

      671KB

    • MD5

      f6bdf58f0ab7ea76f7527953be3c514f

    • SHA1

      63f86c1d575bdcf1b6ac196daf5d6d641340e260

    • SHA256

      bbc8642f184ca267648daa057474219899d5ba04f5cef9e530eef99ce1bb9514

    • SHA512

      9b7eea48364d750f8fb42951f70e8368e8e537389852c62b79c63302e8635bdfd8a99bf462ffee4af595eeebea3053cef14d38f940ab076c114abe5c438a35e3

    Score
    10/10
    osirisbankerbotnetupx

    • Osiris

      bankerbotnetosiris

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

1
T1090

Impact

Tasks