Overview

overview

10

Static

static

1

46e1a6e33f...a6.exe

windows7-x64

10

46e1a6e33f...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46e1a6e33fe29c1338cd240c39fe39a6

  • Size

    3.6MB

  • Sample

    231222-bw2r4acfdj

  • MD5

    46e1a6e33fe29c1338cd240c39fe39a6

  • SHA1

    564d545c54b7312f2bef4fac9b5a5a45083aeb99

  • SHA256

    4be881697b6f58b9320d567814d3ca3bbbe2b52b098c6d55492f39322b19e9de

  • SHA512

    7560b96b9827034d22e05953e98388c5177bd671e8a645260c8df285bfa5246c8167d0f3196ec32dd1b6146107f56fe26d9742ff34810d48ac86c1c1524b928d

  • SSDEEP

    49152:2pU1pIkY3RFCXgUG0xibD3QUaSalMG45TRVVqfMqJ7CdfAYQtTGC6:2psIbhYXJS3HaHM17Vqfz7sQtiz

Score
10/10
osirisbankerbotnet

Malware Config

Targets

    • Target

      46e1a6e33fe29c1338cd240c39fe39a6

    • Size

      3.6MB

    • MD5

      46e1a6e33fe29c1338cd240c39fe39a6

    • SHA1

      564d545c54b7312f2bef4fac9b5a5a45083aeb99

    • SHA256

      4be881697b6f58b9320d567814d3ca3bbbe2b52b098c6d55492f39322b19e9de

    • SHA512

      7560b96b9827034d22e05953e98388c5177bd671e8a645260c8df285bfa5246c8167d0f3196ec32dd1b6146107f56fe26d9742ff34810d48ac86c1c1524b928d

    • SSDEEP

      49152:2pU1pIkY3RFCXgUG0xibD3QUaSalMG45TRVVqfMqJ7CdfAYQtTGC6:2psIbhYXJS3HaHM17Vqfz7sQtiz

    Score
    10/10
    osirisbankerbotnet

    • Osiris

      bankerbotnetosiris

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

1
T1090

Impact

Resource Development

Reconnaissance

Tasks