osiris | a421dbbbe611e29fd6aabaeeeec678d90f718824c56c461373d9dce5d3cbe411 | Triage

Sharing

General

Target

a421dbbbe611e29fd6aabaeeeec678d90f718824c56c461373d9dce5d3cbe411
Size

726KB
Sample

220725-fmc5lafgel
MD5

1e7970f9ce96707c935c5df5940d1bc9
SHA1

e11e81a8984821c7a14101e49d76aac5ba13c473
SHA256

a421dbbbe611e29fd6aabaeeeec678d90f718824c56c461373d9dce5d3cbe411
SHA512

e40e4ad8538f8bba57112bbb723c1d67def46a828534a08da814250f4235de1485675dd1df44c7842d66a4a97e3f33029390d28c27617f6aa07a815e9df521d8

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  a421dbbbe611e29fd6aabaeeeec678d90f718824c56c461373d9dce5d3cbe411
- Size
  
  726KB
- MD5
  
  1e7970f9ce96707c935c5df5940d1bc9
- SHA1
  
  e11e81a8984821c7a14101e49d76aac5ba13c473
- SHA256
  
  a421dbbbe611e29fd6aabaeeeec678d90f718824c56c461373d9dce5d3cbe411
- SHA512
  
  e40e4ad8538f8bba57112bbb723c1d67def46a828534a08da814250f4235de1485675dd1df44c7842d66a4a97e3f33029390d28c27617f6aa07a815e9df521d8
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet