osiris | 0d693ddf07367bfa97336e477fb86ed96ea42d42a506dd4488c110e8cf6d94cc | Triage

Sharing

General

Target

15289956516.zip
Size

428KB
Sample

240222-v4benada3y
MD5

6e8ecf500ee5b6bdac34f0593236d014
SHA1

e5a20e099cfe70cd3161d464d20e7d12b491ac3e
SHA256

0d693ddf07367bfa97336e477fb86ed96ea42d42a506dd4488c110e8cf6d94cc
SHA512

9e70352c33fbbbf552fe60878ec094aa622fbe3a7cc62d03f09ed2c42f86d1cfb514d1a96fc109758d739befe6c2a0027237a3fb0930cf78ef9e5a96aaec62c1
SSDEEP

12288:uhhAFcWtb57uVItRXGzdKPvKW+rySJgPenyHDCHa:jcWtJtGkHKWCJg06

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  7899f735e7bfd0a60de5660caef1016eba0064c3749cd0a95ed21dfc78c3e553
- Size
  
  608KB
- MD5
  
  349d95db210e29908ae9207179cff53f
- SHA1
  
  c6148e205bdb6ab326929243140294330256d78b
- SHA256
  
  7899f735e7bfd0a60de5660caef1016eba0064c3749cd0a95ed21dfc78c3e553
- SHA512
  
  29ccd04494919074763ca0a68d5b6506582a039a39aeab5c71ccd8bcb548373296750c2f3b82a53caf857c26161def71223e7da8f842bce9868c5aa3e8825687
- SSDEEP
  
  12288:vrP4Xm1kb+26DFVYez7HvmZqq5Igis0jlTOrDFBv0m0LSl9:vL4Xm1CR6hVPz7Hv4v10YrDFlJVT
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet