osiris | b9761457ad9ad14ec676a5077376aa084b8c8e1cc2bdc9748fa407bd7de8686e | Triage

Sharing

General

Target

4050f030ef2f4ba2751b526d252f9d82
Size

566KB
Sample

231222-bftfsacfc3
MD5

4050f030ef2f4ba2751b526d252f9d82
SHA1

362b74934fc4f8799478c761d71e79814920c205
SHA256

b9761457ad9ad14ec676a5077376aa084b8c8e1cc2bdc9748fa407bd7de8686e
SHA512

2f6059c04161f5520c496d762c4df91e2366d203c02167d8780c2b4ca8af002a7773e74cb4575dec5050f0a5c3ef5e52302b1d3ed41878ad4b741021e86b2947
SSDEEP

12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWC:pjOMtd1a/yl3KOj7

Score

10^/10

osiris banker botnet persistence

Malware Config

Targets

- Target
  
  4050f030ef2f4ba2751b526d252f9d82
- Size
  
  566KB
- MD5
  
  4050f030ef2f4ba2751b526d252f9d82
- SHA1
  
  362b74934fc4f8799478c761d71e79814920c205
- SHA256
  
  b9761457ad9ad14ec676a5077376aa084b8c8e1cc2bdc9748fa407bd7de8686e
- SHA512
  
  2f6059c04161f5520c496d762c4df91e2366d203c02167d8780c2b4ca8af002a7773e74cb4575dec5050f0a5c3ef5e52302b1d3ed41878ad4b741021e86b2947
- SSDEEP
  
  12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWC:pjOMtd1a/yl3KOj7
Score

10^/10

osiris banker botnet persistence
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

osirisbankerbotnetpersistence

behavioral2

osirisbankerbotnetpersistence