osiris | f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f | Triage

Sharing

General

Target

11bc61071af789ba85c6fc3661dd6b8d_JaffaCakes118
Size

600KB
Sample

240504-jktw4sff3v
MD5

11bc61071af789ba85c6fc3661dd6b8d
SHA1

2a080fabc7b2da3fec8b189dbb375949d3cb334b
SHA256

f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f
SHA512

1e92e686b756ca1e1cae1b461765b8b2102e723cdd7a20ad668e053c5fcb3a177c83f950a082750712df41347bce503bdaa33738f66508bd75840ebe2c17aff3
SSDEEP

12288:+qlRw5IyPaV1qvXhTDdyayL4NQ/BBXRGJl7TXtaWwyITXf30ebIQ:+gvV1IhALVBBXReobTXftbIQ

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  11bc61071af789ba85c6fc3661dd6b8d_JaffaCakes118
- Size
  
  600KB
- MD5
  
  11bc61071af789ba85c6fc3661dd6b8d
- SHA1
  
  2a080fabc7b2da3fec8b189dbb375949d3cb334b
- SHA256
  
  f02855ac22e67f1ad9d4c001c86bdfc62f892a5895dac27cdeff02153853396f
- SHA512
  
  1e92e686b756ca1e1cae1b461765b8b2102e723cdd7a20ad668e053c5fcb3a177c83f950a082750712df41347bce503bdaa33738f66508bd75840ebe2c17aff3
- SSDEEP
  
  12288:+qlRw5IyPaV1qvXhTDdyayL4NQ/BBXRGJl7TXtaWwyITXf30ebIQ:+gvV1IhALVBBXReobTXftbIQ
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet