osiris | f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f | Triage

Sharing

General

Target

11bc61071af789ba85c6fc3661dd6b8d_JaffaCakes118
Size

600KB
Sample

240504-jktw4sff3v
MD5

11bc61071af789ba85c6fc3661dd6b8d
SHA1

2a080fabc7b2da3fec8b189dbb375949d3cb334b
SHA256

f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f
SHA512

1e92e686b756ca1e1cae1b461765b8b2102e723cdd7a20ad668e053c5fcb3a177c83f950a082750712df41347bce503bdaa33738f66508bd75840ebe2c17aff3
SSDEEP

12288:+qlRw5IyPaV1qvXhTDdyayL4NQ/BBXRGJl7TXtaWwyITXf30ebIQ:+gvV1IhALVBBXReobTXftbIQ

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  11bc61071af789ba85c6fc3661dd6b8d_JaffaCakes118
- Size
  
  600KB
- MD5
  
  11bc61071af789ba85c6fc3661dd6b8d
- SHA1
  
  2a080fabc7b2da3fec8b189dbb375949d3cb334b
- SHA256
  
  f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f
- SHA512
  
  1e92e686b756ca1e1cae1b461765b8b2102e723cdd7a20ad668e053c5fcb3a177c83f950a082750712df41347bce503bdaa33738f66508bd75840ebe2c17aff3
- SSDEEP
  
  12288:+qlRw5IyPaV1qvXhTDdyayL4NQ/BBXRGJl7TXtaWwyITXf30ebIQ:+gvV1IhALVBBXReobTXftbIQ
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Proxy

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet