osiris | 9b85558890e3d294391a7cb297da5708910ce6ed1ce530c2e801db206c8022e6 | Triage

Sharing

General

Target

bbb9ac08df8194bde9ce1f5b53566112_JaffaCakes118
Size

434KB
Sample

240823-pnlykatdre
MD5

bbb9ac08df8194bde9ce1f5b53566112
SHA1

5806ce0fac4ec6b2d495f5e42ff9e38b32394daa
SHA256

9b85558890e3d294391a7cb297da5708910ce6ed1ce530c2e801db206c8022e6
SHA512

30ee0c884c921875f976196bc4aa358ff3732d380fc24749e2a30a8a67bd88661851932b7ac154a33eec0bed03063928fbe18fbd5e31d879811370e6f31737cb
SSDEEP

12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK9SATTsx/SA/WegYfdNbrqnus:rXh6XcBXo8TsL8Y8m/ATTySA/DrfdNb+

Score

10^/10

osiris banker botnet discovery

Malware Config

Targets

- Target
  
  bbb9ac08df8194bde9ce1f5b53566112_JaffaCakes118
- Size
  
  434KB
- MD5
  
  bbb9ac08df8194bde9ce1f5b53566112
- SHA1
  
  5806ce0fac4ec6b2d495f5e42ff9e38b32394daa
- SHA256
  
  9b85558890e3d294391a7cb297da5708910ce6ed1ce530c2e801db206c8022e6
- SHA512
  
  30ee0c884c921875f976196bc4aa358ff3732d380fc24749e2a30a8a67bd88661851932b7ac154a33eec0bed03063928fbe18fbd5e31d879811370e6f31737cb
- SSDEEP
  
  12288:rXPcLcbGfVylwG/ZDCK/ScBXo8TsyMkKMY8m7WOK9SATTsx/SA/WegYfdNbrqnus:rXh6XcBXo8TsL8Y8m/ATTySA/DrfdNb+
Score

10^/10

osiris banker botnet discovery
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnetdiscovery

behavioral2

osirisbankerbotnetdiscovery