osiris | f868ca3de0e202d0b2e9dffb9d9cc7f668f91cbe7a397cad6d951c7063ad1b68 | Triage

Resubmissions

02-04-2024 02:51

240402-dcgc6aee6z 10

02-04-2024 02:51

240402-db6xesfa29 10

02-04-2024 02:49

240402-da7gkaee21 10

02-04-2024 02:48

240402-daq5kseh73 10

02-04-2024 02:14

240402-cn2mssec25 10

19-12-2023 13:11

231219-qe316abbcr 10

Sharing

General

Target

2e8f4deb77b157067ae01fafb05c2605
Size

444KB
Sample

231219-qe316abbcr
MD5

2e8f4deb77b157067ae01fafb05c2605
SHA1

093c3d4965df93063f20bd6c5e0951b267e74daf
SHA256

f868ca3de0e202d0b2e9dffb9d9cc7f668f91cbe7a397cad6d951c7063ad1b68
SHA512

808dbffe05a7f4805d1f0d162e0251f86af94655db403533eb906cd5951abfec25f9574a914770fd4374f82de7b9dc8eec5997f649a13a156837adadb8d87344
SSDEEP

12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCm:sxNL0Y/ezauYP+FX9t+zv

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  2e8f4deb77b157067ae01fafb05c2605
- Size
  
  444KB
- MD5
  
  2e8f4deb77b157067ae01fafb05c2605
- SHA1
  
  093c3d4965df93063f20bd6c5e0951b267e74daf
- SHA256
  
  f868ca3de0e202d0b2e9dffb9d9cc7f668f91cbe7a397cad6d951c7063ad1b68
- SHA512
  
  808dbffe05a7f4805d1f0d162e0251f86af94655db403533eb906cd5951abfec25f9574a914770fd4374f82de7b9dc8eec5997f649a13a156837adadb8d87344
- SSDEEP
  
  12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCm:sxNL0Y/ezauYP+FX9t+zv
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet