osiris | cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c

Resubmissions

17-04-2024 12:27

240417-pm674seg85 10

17-04-2024 12:27

17-04-2024 12:27

17-04-2024 12:27

17-04-2024 12:27

17-04-2024 06:33

Analysis

max time kernel
1800s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
Size

312KB
MD5

f765a6eb1642a430e5c4ab00b959af92
SHA1

122a578748d3183369facb7fcf485c7a02bf278d
SHA256

cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c
SHA512

79731e7631facb8c690937ebc4222ce5378a1189dc4203080400724e1ca6bb3b8b80e41f8e9a60a80481ad4af2e610bcd847d1dc44483c7aabbaad31869c8d59
SSDEEP

6144:XlYiCJDvVjZobnqLgib2V6jHnR+M/qhW/Xib459ZQ:VFol+rqUiiV6jH+hWC45Q

Score

10^/10

osiris banker botnet

Malware Config

Signatures

Osiris
banker botnet osiris

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
32	api.ipify.org
33	api.ipify.org

Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.

Proxy
T1090

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3212	cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe

C:\Users\Admin\AppData\Local\Temp\cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe
"C:\Users\Admin\AppData\Local\Temp\cec838776d66eacc0b68564ca67ab214cf306f98408ab98a46dd0361d87fcc3c.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

T1090

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3212-0-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-1-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-2-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-3-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-4-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-7-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-8-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-10-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-11-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-6-0x00000000006C0000-0x00000000006C5000-memory.dmp

Filesize
20KB

Download
memory/3212-13-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-15-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-16-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-17-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-19-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-21-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-23-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-24-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-25-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-27-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-29-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-30-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-31-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-33-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-34-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-35-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-37-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-38-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-39-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-41-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-42-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-43-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-45-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-46-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-47-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-49-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-50-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-51-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-53-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-54-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-55-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-57-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-58-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download
memory/3212-59-0x00000000007B0000-0x000000000084A000-memory.dmp

Filesize
616KB

Download