osiris | ac8ec076126d9905b8a3e677c94607c356bd5418092ac00b25de85cad02f6380 | Triage

Resubmissions

17-03-2024 04:56

240317-fkpqlseg53 10

Sharing

General

Target

cffa8abc1bd0d8409d62b1adb675a6d3
Size

434KB
Sample

240414-r75k5ahd82
MD5

cffa8abc1bd0d8409d62b1adb675a6d3
SHA1

37e8bc4d8ffc6ff4256a82bc057960e2cbb022e1
SHA256

ac8ec076126d9905b8a3e677c94607c356bd5418092ac00b25de85cad02f6380
SHA512

7112efdbc879550dd33ddf47f50d44e2ea4ab1e98d2d5d1c48a7f16dc949154228c933095e99050fea61970897c671195f9674bcdece090dc8a0a520e8bc9841
SSDEEP

12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK9SATTsx/SA/WegYfdNbrqnuk:rXh6XcBXo8TsL8Y8m/ATTySA/DrfdNbC

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  cffa8abc1bd0d8409d62b1adb675a6d3
- Size
  
  434KB
- MD5
  
  cffa8abc1bd0d8409d62b1adb675a6d3
- SHA1
  
  37e8bc4d8ffc6ff4256a82bc057960e2cbb022e1
- SHA256
  
  ac8ec076126d9905b8a3e677c94607c356bd5418092ac00b25de85cad02f6380
- SHA512
  
  7112efdbc879550dd33ddf47f50d44e2ea4ab1e98d2d5d1c48a7f16dc949154228c933095e99050fea61970897c671195f9674bcdece090dc8a0a520e8bc9841
- SSDEEP
  
  12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK9SATTsx/SA/WegYfdNbrqnuk:rXh6XcBXo8TsL8Y8m/ATTySA/DrfdNbC
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet

behavioral3

behavioral4

osirisbankerbotnet