osiris | 6392b4578b3ae0dc27dc616e45347b2396425d90ec92f6ad28ef4af355c19a72 | Triage

Sharing

General

Target

6392b4578b3ae0dc27dc616e45347b2396425d90ec92f6ad28ef4af355c19a72
Size

623KB
Sample

220731-hbe6xscgf2
MD5

80193d630c9767cfa8f78234b5d2dbd5
SHA1

3c9e6af76e6e2cf3009ffe61a5525d1052e73b93
SHA256

6392b4578b3ae0dc27dc616e45347b2396425d90ec92f6ad28ef4af355c19a72
SHA512

dd296b327e464590a4024a52512a64d24d4af09e0f5fa94ab3526856eb6e4eacc10e92579687543eb1d5bbc7c5c67d3e098574ba4e8c785d26eb4c21c6bd8203

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  6392b4578b3ae0dc27dc616e45347b2396425d90ec92f6ad28ef4af355c19a72
- Size
  
  623KB
- MD5
  
  80193d630c9767cfa8f78234b5d2dbd5
- SHA1
  
  3c9e6af76e6e2cf3009ffe61a5525d1052e73b93
- SHA256
  
  6392b4578b3ae0dc27dc616e45347b2396425d90ec92f6ad28ef4af355c19a72
- SHA512
  
  dd296b327e464590a4024a52512a64d24d4af09e0f5fa94ab3526856eb6e4eacc10e92579687543eb1d5bbc7c5c67d3e098574ba4e8c785d26eb4c21c6bd8203
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet