osiris | 942445dca67967c1d9f158586c3e449d963ecb9640ea17fc1beb5002eff1f3f8 | Triage

Sharing

General

Target

1d8b51edee94cad118b9e1366fc0c904_JaffaCakes118
Size

478KB
Sample

240506-vsvddsbd2t
MD5

1d8b51edee94cad118b9e1366fc0c904
SHA1

4f2d55b191f29f91c1f9c29ef5c8b95dfb857929
SHA256

942445dca67967c1d9f158586c3e449d963ecb9640ea17fc1beb5002eff1f3f8
SHA512

9db6fb135a7511ea4bc9844638e7dece15ae5ebeb2ca62c35340c75b5c2a24f2d49c5fd75a9f7a062165bac4e848641287ef526d8fafde91371aca263fca79d8
SSDEEP

12288:2QtoU4qOFyEbtFozXHZ7UPv3D/9Nijje9i/BAD:xtiqOFtbtFozXZ7UPPD/9QjaUJe

Score

10^/10

osiris banker botnet

Malware Config

Targets

- Target
  
  1d8b51edee94cad118b9e1366fc0c904_JaffaCakes118
- Size
  
  478KB
- MD5
  
  1d8b51edee94cad118b9e1366fc0c904
- SHA1
  
  4f2d55b191f29f91c1f9c29ef5c8b95dfb857929
- SHA256
  
  942445dca67967c1d9f158586c3e449d963ecb9640ea17fc1beb5002eff1f3f8
- SHA512
  
  9db6fb135a7511ea4bc9844638e7dece15ae5ebeb2ca62c35340c75b5c2a24f2d49c5fd75a9f7a062165bac4e848641287ef526d8fafde91371aca263fca79d8
- SSDEEP
  
  12288:2QtoU4qOFyEbtFozXHZ7UPv3D/9Nijje9i/BAD:xtiqOFtbtFozXZ7UPPD/9QjaUJe
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnet

behavioral2

osirisbankerbotnet