General

  • Target: 6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118
  • Size: 568KB
  • Sample: 240524-w95fcseh8w
  • MD5: 6f76d0c1fb88337cb281b250e2c178fd
  • SHA1: c7b1e09633191070ee87a3d5bcd8e2ff3eb48151
  • SHA256: 0ab29a1c5c76e79998b45ddc32e3377d3f59bcd99a0f67f3e831ad02996c96b8
  • SHA512: c54029e5999b21b631f150469de6ee07c852cf232e51255cc720f14994edcf4e17ded7b1ba6284da9a3afe921cb41700bd718b4983dc6705ae3e9975b59394b1
  • SSDEEP: 12288:1cUCnVQx9b6IRQGCvYC240ImI5b48EKlRg1TdyBurkF0MfkOMvlxiDF:1cUjfbHRQK/4vx16r5aRp

Malware Config

Targets

    • Target: 6f76d0c1fb88337cb281b250e2c178fd_JaffaCakes118
    • Size: 568KB
    • MD5: 6f76d0c1fb88337cb281b250e2c178fd
    • SHA1: c7b1e09633191070ee87a3d5bcd8e2ff3eb48151
    • SHA256: 0ab29a1c5c76e79998b45ddc32e3377d3f59bcd99a0f67f3e831ad02996c96b8
    • SHA512: c54029e5999b21b631f150469de6ee07c852cf232e51255cc720f14994edcf4e17ded7b1ba6284da9a3afe921cb41700bd718b4983dc6705ae3e9975b59394b1
    • SSDEEP: 12288:1cUCnVQx9b6IRQGCvYC240ImI5b48EKlRg1TdyBurkF0MfkOMvlxiDF:1cUjfbHRQK/4vx16r5aRp
    • Score: 10/10
      • Executes dropped EXE
      • Loads dropped DLL
      • Looks up external IP address via web service
        Uses a legitimate IP lookup service to find the infected system's external IP.
      • Uses Tor communications
        Malware can proxy its traffic through Tor for more anonymity.

    • Target: $APPDATA/USER/doinstall/strFormId/logo/msdnmui.dll
    • Size: 29KB
    • MD5: f217fe7e8cbbebc61930bd60cfaea1e9
    • SHA1: 18532b33579033f04b661a196d4ad5c0887f3736
    • SHA256: 8638015b2bbc5b04029749aeb78e14521b5928737ca5e03bbcc2c0ec1a47f6cf
    • SHA512: b1633fe45c85f0e63fd0f293a3f71a80f6a8f059fbb3e1d17feac1ea7e5fce5d5d08207f08a163dd4543228556570e9a0bf06f34ca73f17ef9efa60f5fd3059c
    • SSDEEP: 768:A/MAM30cf+Mj4fIzdODwDp1Y94nqiRyW82CLorT:QHel+MFKEpqUqiYWBOq
    • Score: 1/10
    • Target: $APPDATA/USER/doinstall/strFormId/logo/resgen.exe
    • Size: 36KB
    • MD5: fe249e495e6aefc8e5efb832a69f3f57
    • SHA1: a5b37c878fafd676dd1a1b4a752e5d2ddf0fdb20
    • SHA256: b8de815c5403f6e050222d3951e4ce24d2786db3e659a9bbc5c6b3e79b5127b7
    • SHA512: 8e88c9965c6b0b13cfaa2dbe5e7813568bd92fdaca1101a9c2f54192d143793b87afd433277ebc81a6e6ffc3d8251d8629dc3021708a0c0af27c99f2d63e520c
    • SSDEEP: 384:FMcI3qdirubUVbWxLGvI1XedIaWgX7lfpaVKlcOHz78c5K8NWuiokz196xuL2QP3:9I68VbWxyNdjrpFtQC
    • Score: 1/10
    • Target: $APPDATA/credits/ntfswipe
    • Size: 46KB
    • MD5: b766c9874ec2bbc84f0aa56cdf5053ac
    • SHA1: 453b45f3b43e22329b0a56dade742bb60cf344c7
    • SHA256: 70b30e72d40a15cb186c8428c41dd1a9ddd37f107bb5bc549a4bb2140249fed8
    • SHA512: 3ecb43f4d6204c8a97c2b4868aaa7b0e2f02b8ef02a3eed4b5a77a973435a9b56dcdebbe28053bbaa1d608fe45b77ea0744acc23508d32b4db33e721e09907ed
    • SSDEEP: 768:V7vvrLdzYmHcEf6uefUnvubI+Df4ziQxLYyo1mVmI6RF6a3X2tk:l/iY7f6vvI+DAbMywF6a3X
    • Score: 1/10
    • Target: $APPDATA/period/plan/frequency/clean/msddslmp.dll
    • Size: 40KB
    • MD5: ee526797868d4ef8407045a78dfb8e72
    • SHA1: c17ecf8ae4518c6120ad9f9e91ad66bba239ead5
    • SHA256: e457bf97dedc3a13e4d07665bb559edafde145798057d8d48cc892adc7ad1960
    • SHA512: 6a849dad8efe88731b96d96947591c21530dea3484093275cbead0d163bd26bc460f8166a26778e201ac0fe54d6a25291d4a02079ef6d027a1a2e6902b293427
    • SSDEEP: 384:C7rvZs15uzKmqlTnM4P9sVqv1LRKWjoB4s0vLdnS3BXvVMMcZ/byN2DHpQ6uEAWf:CPZs1wz/q5lG03jThvZuEg
    • Score: 1/10
    • Target: $APPDATA/u2/mailto/connectt/DbgUrtMui.dll
    • Size: 28KB
    • MD5: 59cef37c54dec0166472d7db7df56afc
    • SHA1: 01a839ff2389e3b4e41dd474199efb1ecfba496a
    • SHA256: f92e892e0ab61777ccc108d258c546c4cc4cc9034d0e766654a96fd7cbfbaabe
    • SHA512: a96ab2309c28e37d54ed84f0f3d8fc88269c2b78dcdd52d94df39b4a317a8046da6a55666d27fa5d5a936edc16dcfb00d88f60befe2061dea3818e8eb8ab39be
    • SSDEEP: 768:HyFwb0Nw3PqM2Wu5zIWTusGC2BxT4PrWeqLi+vXex5Yb3vP1Z46PtV:H2y/3Pfb8+sGCEIrWeBK
    • Score: 1/10
    • Target: $PLUGINSDIR/System.dll
    • Size: 12KB
    • MD5: 0d7ad4f45dc6f5aa87f606d0331c6901
    • SHA1: 48df0911f0484cbe2a8cdd5362140b63c41ee457
    • SHA256: 3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
    • SHA512: c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
    • SSDEEP: 192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
    • Score: 3/10
    • Target: $TEMP/diaeresis.dll
    • Size: 10KB
    • MD5: 51921a259471561b82e7b37b08cac3a5
    • SHA1: a3d991d42e1861f4db64438969116771bc8dbb81
    • SHA256: 32dc82dd46ca4e4937b9f3c31988dde9cd1cfd4c907798d942b13394169f1bf6
    • SHA512: 2446084e48688f37e60116c734dc9c8172e3692b2dde6e915c35f89bed7c383c4c62516680b4a701f3a8d29bcfdf7418f9846c302d4a64f042aabe000b07aa7a
    • SSDEEP: 192:dWRKKJtAvnh/W+z0DPlZ8GRSkmBxu22HypO00XX:dwJtAf70pRgxdJO00XX
    • Score: 4/10
    • Target: $TEMP/namespace/CMAccept.exe
    • Size: 20KB
    • MD5: ce9ec29c6b19dced820e0f2eea7c5237
    • SHA1: 5ab22cf17095bc0d3ba18e753654cff4edfd0dab
    • SHA256: 980a535ef48369fa83fe881e232c3f12ea34c93b06178b53ee441a73d54d7f02
    • SHA512: b6bae95f663e0fd9e3facd64719b650244d48b4afdb630ec8429654799200bbfc056f37c8ff506fb07c3c7e9f698447475e73ea852c4d0ca71167c17aa21c35f
    • SSDEEP: 384:1z6qvCuzu45cE/lViXtz9bp3WNNW1Y1stEy1:1z6CzRNQh9bpKIEc
    • Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Discovery: System Information Discovery, T1082 (1)
  • Command and Control: Proxy, T1090 (1)

Tasks