osiris | 35ab1255eadd6fe280ed93941158dec5a838e775b29102a3b8fe38c21a868322 | Triage

Sharing

General

Target

c34cecf908dddaaf8ad69098c028955d
Size

435KB
Sample

231220-rjkk2sbag9
MD5

c34cecf908dddaaf8ad69098c028955d
SHA1

2bbfb5368bf32468f0cc2e5a830fde72cd4cd839
SHA256

35ab1255eadd6fe280ed93941158dec5a838e775b29102a3b8fe38c21a868322
SHA512

76d0e259dd54d889f7fcaada9e4cbd6d0a56b07df175c8519f0b887fc1804ca9777e386586b54693f83544fb727cc2d64eae4e4974e189bbb50cd7a8f7e414e0
SSDEEP

12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK95OTTsx/SA/WegYfdNbrqnuf:rXh6XcBXo8TsL8Y8m4OTTySA/DrfdNbt

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  c34cecf908dddaaf8ad69098c028955d
- Size
  
  435KB
- MD5
  
  c34cecf908dddaaf8ad69098c028955d
- SHA1
  
  2bbfb5368bf32468f0cc2e5a830fde72cd4cd839
- SHA256
  
  35ab1255eadd6fe280ed93941158dec5a838e775b29102a3b8fe38c21a868322
- SHA512
  
  76d0e259dd54d889f7fcaada9e4cbd6d0a56b07df175c8519f0b887fc1804ca9777e386586b54693f83544fb727cc2d64eae4e4974e189bbb50cd7a8f7e414e0
- SSDEEP
  
  12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK95OTTsx/SA/WegYfdNbrqnuf:rXh6XcBXo8TsL8Y8m4OTTySA/DrfdNbt
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet