osiris | d35a443020e5393e1985dabbb79adcf320f095994cd67a8910e460540261764d | Triage

Sharing

General

Target

d35a443020e5393e1985dabbb79adcf320f095994cd67a8910e460540261764d
Size

462KB
Sample

220731-hbbthadgaj
MD5

d86db78703a67e806cc536a97c0fed8d
SHA1

29fc516816dc5693ae2e831a06ed4617d3776f2e
SHA256

d35a443020e5393e1985dabbb79adcf320f095994cd67a8910e460540261764d
SHA512

3fb472580e99c8f466513168af340ff5b2dea931989e0d041723c478d146c8aa60e7ca0769c7351d92c2dab38185dcc7aa7d6f55da32621034cf9e7d175db3b5

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  d35a443020e5393e1985dabbb79adcf320f095994cd67a8910e460540261764d
- Size
  
  462KB
- MD5
  
  d86db78703a67e806cc536a97c0fed8d
- SHA1
  
  29fc516816dc5693ae2e831a06ed4617d3776f2e
- SHA256
  
  d35a443020e5393e1985dabbb79adcf320f095994cd67a8910e460540261764d
- SHA512
  
  3fb472580e99c8f466513168af340ff5b2dea931989e0d041723c478d146c8aa60e7ca0769c7351d92c2dab38185dcc7aa7d6f55da32621034cf9e7d175db3b5
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet