osiris | 53aa312eac26534eb4c16c8aa3204d563d53bd9a35ff30e87befbe807425a15a | Triage

Sharing

General

Target

6e87920901733dfba325374f8efa34f2
Size

444KB
Sample

240122-dc3ldsfch3
MD5

6e87920901733dfba325374f8efa34f2
SHA1

ac2639d07fb721002265b91d23f44dece3c2ea79
SHA256

53aa312eac26534eb4c16c8aa3204d563d53bd9a35ff30e87befbe807425a15a
SHA512

960aca36f0fd8854ce90714eec559072cb73330658b9a5a7129fda692c4c352a1a99251759f9f3feff06aa04e46f8469a277cfa041a35bef797211a29097f534
SSDEEP

12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCs:sxNL0Y/ezauYP+FX9t+z1

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  6e87920901733dfba325374f8efa34f2
- Size
  
  444KB
- MD5
  
  6e87920901733dfba325374f8efa34f2
- SHA1
  
  ac2639d07fb721002265b91d23f44dece3c2ea79
- SHA256
  
  53aa312eac26534eb4c16c8aa3204d563d53bd9a35ff30e87befbe807425a15a
- SHA512
  
  960aca36f0fd8854ce90714eec559072cb73330658b9a5a7129fda692c4c352a1a99251759f9f3feff06aa04e46f8469a277cfa041a35bef797211a29097f534
- SSDEEP
  
  12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCs:sxNL0Y/ezauYP+FX9t+z1
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet