osiris | ee99bc6af133dcf82be60f53a74e7bdf66406c93d5961adcc8970c322f78c3df | Triage

Sharing

General

Target

ee99bc6af133dcf82be60f53a74e7bdf66406c93d5961adcc8970c322f78c3df
Size

498KB
Sample

220725-ffwncsfcg2
MD5

7b3e3aa6979158c6c1233a3ba57a0f79
SHA1

5eae3e768bc8c12076642e890378d0509165d294
SHA256

ee99bc6af133dcf82be60f53a74e7bdf66406c93d5961adcc8970c322f78c3df
SHA512

791be27d308ee8f946b6b874d0808799e1f2b0f2dfde82dae29af345a0de4eb48ed195dbd3bc2db1f203441c1e6322e568c8d99cc9390028a489dd5dd171418f

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  ee99bc6af133dcf82be60f53a74e7bdf66406c93d5961adcc8970c322f78c3df
- Size
  
  498KB
- MD5
  
  7b3e3aa6979158c6c1233a3ba57a0f79
- SHA1
  
  5eae3e768bc8c12076642e890378d0509165d294
- SHA256
  
  ee99bc6af133dcf82be60f53a74e7bdf66406c93d5961adcc8970c322f78c3df
- SHA512
  
  791be27d308ee8f946b6b874d0808799e1f2b0f2dfde82dae29af345a0de4eb48ed195dbd3bc2db1f203441c1e6322e568c8d99cc9390028a489dd5dd171418f
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet