Overview

overview

10

Static

static

3

SecuriteIn...92.exe

windows7-x64

10

SecuriteIn...92.exe

windows10-1703-x64

10

SecuriteIn...92.exe

windows10-2004-x64

7

SecuriteIn...92.exe

windows11-21h2-x64

10

Resubmissions

18-04-2024 08:49

240418-krfthagd74 10

18-04-2024 08:48

240418-kqsrnsgd65 10

18-04-2024 08:48

240418-kqr55shg3z 10

18-04-2024 08:48

240418-kqmwesgd62 10

18-04-2024 08:48

240418-kqmknahg3w 10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-04-2024 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SecuriteInfo.com.BackDoor.Rat.281.18292.exe

  • Size

    1.4MB

  • MD5

    793707365df26450bc8642f518a540f0

  • SHA1

    66649127ad784288c393992971a197c10f86a8eb

  • SHA256

    7131d78da58eb6b54db8466e0c09d7173da6f05c5615841a73dc6a032648a217

  • SHA512

    550374f2b3963e99bbfa445236e2921d288e67e00b4425a3bfedba0b72bd2fe6027af484c8f7e143471e16738dd9f129c91e467e157e29a911f1ad44d2775695

  • SSDEEP

    24576:8Ec46GnhPe4h/N5m8loOoYJ/HRz1IgRizQJYiEH0YSXHZTNbf86:8EBQ2xrVEcXfbf86

Score
10/10
osirisbankerbotnet

Malware Config

Signatures

  • Osiris
    bankerbotnetosiris
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Drops file in Windows directory 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.exe
    "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BackDoor.Rat.281.18292.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\ipconfig.exe
      "C:\Windows\system32\ipconfig.exe"
      2⤵
      • Loads dropped DLL
      • Gathers network information
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Users\Admin\AppData\Local\Temp\cmd.exe
        "C:\Users\Admin\AppData\Local\Temp\cmd.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2956
        • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
          "C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"
          4⤵
          • Executes dropped EXE
          PID:1976

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe
    Filesize

    3KB

    MD5

    b4cd27f2b37665f51eb9fe685ec1d373

    SHA1

    7f08febf0fdb7fc9f8bf35a10fb11e7de431abe0

    SHA256

    91f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581

    SHA512

    e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\x64btit.txt
    Filesize

    28B

    MD5

    e10d4a41e2cf5f61a93953c258fac4c2

    SHA1

    9f74d27b556e0ce02ebc782392d68daa5026d6e7

    SHA256

    00854b9529c4455024d39081d659655f2da411ee8862f88d4dd13a2bac1da927

    SHA512

    25bfca76766a62f80dc6e6c19f97c94afc121c52c4fa2001a310bb9b488ac6af35a3f774d8b3ca432265773891b6b7be4ad547f8128f9616248e5df7087775d5

    Download Submit

  • \Users\Admin\AppData\Local\Temp\cmd.exe
    Filesize

    295KB

    MD5

    ad7b9c14083b52bc532fba5948342b98

    SHA1

    ee8cbf12d87c4d388f09b4f69bed2e91682920b5

    SHA256

    17f746d82695fa9b35493b41859d39d786d32b23a9d2e00f4011dec7a02402ae

    SHA512

    e12aad20c824187b39edb3c7943709290b5ddbf1b4032988db46f2e86da3cf7e7783f78c82e4dc5da232f666b8f9799a260a1f8e2694eb4d0cdaf78da710fde1

    Download Submit

  • memory/2512-31-0x00000000003E0000-0x00000000003E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2512-24-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2512-3-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2512-1-0x00000000003E0000-0x00000000003E9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2512-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2624-22-0x0000000000500000-0x0000000000508000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2624-23-0x0000000004440000-0x00000000044C2000-memory.dmp

    Filesize

    520KB

    Download

  • memory/2624-25-0x0000000077480000-0x0000000077629000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2624-41-0x0000000004440000-0x00000000044C2000-memory.dmp

    Filesize

    520KB

    Download

  • memory/2624-2-0x00000000000D0000-0x00000000000D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2956-45-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-57-0x0000000010000000-0x0000000010016000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2956-44-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-35-0x0000000000190000-0x0000000000197000-memory.dmp

    Filesize

    28KB

    Download

  • memory/2956-46-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-47-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-34-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-49-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-59-0x0000000000510000-0x000000000052F000-memory.dmp

    Filesize

    124KB

    Download

  • memory/2956-36-0x0000000077480000-0x0000000077629000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/2956-33-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-61-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-62-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-63-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-64-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-66-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-68-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-70-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download

  • memory/2956-72-0x0000000000400000-0x000000000049F000-memory.dmp

    Filesize

    636KB

    Download