osiris | 5a3a69a57da03bd1c26fe525e51df51b391c1556cb013bb7e411ccaead253fb9 | Triage

Sharing

General

Target

c27131bdcd5cb27339af4833ab139305
Size

566KB
Sample

231222-rsqhnacgf5
MD5

c27131bdcd5cb27339af4833ab139305
SHA1

4dcbc9009b87fbee794a911879997156b8a61d8e
SHA256

5a3a69a57da03bd1c26fe525e51df51b391c1556cb013bb7e411ccaead253fb9
SHA512

91ac3e5c6e476146e38df502c233dc45d3f54ff6c7e9e628fbc570c8323dc046a950baf32b4bbedf7bc6d9c509309d8e4fbcf69bf5f1616e535ca933f0945477
SSDEEP

12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWr:pjOMtd1a/yl3KOj+

Score

10^/10

osiris banker botnet persistence

Malware Config

Targets

- Target
  
  c27131bdcd5cb27339af4833ab139305
- Size
  
  566KB
- MD5
  
  c27131bdcd5cb27339af4833ab139305
- SHA1
  
  4dcbc9009b87fbee794a911879997156b8a61d8e
- SHA256
  
  5a3a69a57da03bd1c26fe525e51df51b391c1556cb013bb7e411ccaead253fb9
- SHA512
  
  91ac3e5c6e476146e38df502c233dc45d3f54ff6c7e9e628fbc570c8323dc046a950baf32b4bbedf7bc6d9c509309d8e4fbcf69bf5f1616e535ca933f0945477
- SSDEEP
  
  12288:Bz4ubZCXMtdUKat+YH7/yJ2je3rojGvB/WaEYvWr:pjOMtd1a/yl3KOj+
Score

10^/10

osiris banker botnet persistence
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

osirisbankerbotnetpersistence

behavioral2

osirisbankerbotnetpersistence