General

  • Target

    7b24e1100cf26836bdee9f4441a0d190-sample.zip

  • Size

    561KB

  • Sample

    230616-2krqvsgf71

  • MD5

    6e8cfef6e706ea8721dd6157692ee4aa

  • SHA1

    f27100d4ae0cc7a709d59d46ffe9658346bc6c75

  • SHA256

    cd25891454b9b01b1cea5404f647b1b4b24d4ca57b2ed751aa9f955dcf3808bd

  • SHA512

    2665bda58a4d50f64920087ac671817bda63d0fcac0abab70b60d0896799807f5dfdbf01ea4c67363134d99ab2389be2b4205ac5f3b09d8fc3c14126daaa797a

  • SSDEEP

    12288:+ecC1lpC6Vkz8kvqhyE+knAjDsnk2hs8s07gOEcNe3WulyTSzQ:+etRr+XWkEs07gOEQ1

Score
10/10

Malware Config

Targets

    • Target

      e059e0ce5cbd7a48c8d72d296fd96d56b2cd568c9f26598753393f19f1eb9352

    • Size

      609KB

    • MD5

      873140fced1cb8fe65b98a98dfcb6c98

    • SHA1

      5703da2b3b86fcb716358b195f5a6f73e66ef821

    • SHA256

      e059e0ce5cbd7a48c8d72d296fd96d56b2cd568c9f26598753393f19f1eb9352

    • SHA512

      7687b46785062c3edf19f471912e77925e277fdfc0875b66c00894b345dfeec120c8e4cefcd8af9bccfea044f8f6507ae4f15f02b7b0445e286160c6f1b44a8c

    • SSDEEP

      12288:KZ543M5v7Kc3ygT2lXVCllX8peI7cQitqUmyq+1pmhR:SUiL3yjXUlu0I7vitqUmyq+1paR

    Score
    10/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Target

      out.upx

    • Size

      1.3MB

    • MD5

      c0f930e3cfca3d5716c93aa0968b35ce

    • SHA1

      116aefecfdbd5930701ce97fc3581e4cc9a0c983

    • SHA256

      0fc057dfab0e1fc2a5dcf659dd26dfb2e28405f3d35dbfc641b8947f23732013

    • SHA512

      24575c1df74d4c292da21b5118d889c4b6a9782cf3ad131b1c88867f2d207068fb77da5dd93615c477360b47905a234c0faae20d954c7522da351733d47de077

    • SSDEEP

      12288:8D0YxtHgcj3DKjs16MKYIjhy+AC5j6voNq:8QYxtHiEEYIjhyQj6voNq

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v6

Command and Control

  • Connection Proxy

    T1090 (1)