osiris | 7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc | Triage

Sharing

General

Target

7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
Size

433KB
Sample

240416-qx4emsda3w
MD5

63c14ad98efd7d302395b3316faaac67
SHA1

efe41d48180f5ebf2f3069e34becae696dc297d1
SHA256

7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
SHA512

6510a438c8fc068325be5b421c396b6ddfc34843467f6e34e0ccf8efabcc30d4a47702fd53b1d58f6f64f75860182598f8a184f5c4279c4bfa912b1c672f4f3c
SSDEEP

12288:TpT7XP/efWnZyhNrQfCs8wvPvRACqOlrobCWoPzTsiBRJsc7nDLqnuFN:TpfXoQP22lMbC5PzT7LLnDL+uFN

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
- Size
  
  433KB
- MD5
  
  63c14ad98efd7d302395b3316faaac67
- SHA1
  
  efe41d48180f5ebf2f3069e34becae696dc297d1
- SHA256
  
  7f873b175b5050bc9c7ac8ca9c5dd029f09e29a8096e6e418318d482365f6ccc
- SHA512
  
  6510a438c8fc068325be5b421c396b6ddfc34843467f6e34e0ccf8efabcc30d4a47702fd53b1d58f6f64f75860182598f8a184f5c4279c4bfa912b1c672f4f3c
- SSDEEP
  
  12288:TpT7XP/efWnZyhNrQfCs8wvPvRACqOlrobCWoPzTsiBRJsc7nDLqnuFN:TpfXoQP22lMbC5PzT7LLnDL+uFN
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet

behavioral3

osirisbankerbotnet

behavioral4

osirisbankerbotnet