osiris | ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f | Triage

Submit
Reports

Overview

overview

Static

static

ac9db121f9...6f.exe

windows7-x64

ac9db121f9...6f.exe

windows10-2004-x64

Sharing

General

Target

ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
Size

1.7MB
Sample

221130-sflvdaag97
MD5

be05248b4cb0985b2c65804f548db8d3
SHA1

bdd6009bcf09fb52d8ec2664a48dfb3d5e90d988
SHA256

ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
SHA512

d6334fcf4db525e018040ec839163f9b330885746ae52935e4269b43602a3ec1f37ad274014c6d1f09d2c05140677150135526ae677a2b25f879a903f8c994bd
SSDEEP

24576:FxBZxrdKk7Siu3mcZVTVkoHYxiJDo5eantrwHsD8Xw2ugSG9EkCu1vDewil4Ml5l:HhdKJBZVT+f35RdI3vEkZpDe7OMB

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f.exe

Resource

win7-20220812-en

osiris banker botnet

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f.exe

Resource

win10v2004-20220812-en

osiris banker botnet

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
- Size
  
  1.7MB
- MD5
  
  be05248b4cb0985b2c65804f548db8d3
- SHA1
  
  bdd6009bcf09fb52d8ec2664a48dfb3d5e90d988
- SHA256
  
  ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
- SHA512
  
  d6334fcf4db525e018040ec839163f9b330885746ae52935e4269b43602a3ec1f37ad274014c6d1f09d2c05140677150135526ae677a2b25f879a903f8c994bd
- SSDEEP
  
  24576:FxBZxrdKk7Siu3mcZVTVkoHYxiJDo5eantrwHsD8Xw2ugSG9EkCu1vDewil4Ml5l:HhdKJBZVT+f35RdI3vEkZpDe7OMB
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet

© 2018-2024

Terms | Privacy