osiris | ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f | Triage

Submit
Reports

Overview

overview

Static

static

3

be05248b4c...18.exe

windows7-x64

be05248b4c...18.exe

windows10-2004-x64

7

Sharing

General

Target

be05248b4cb0985b2c65804f548db8d3_JaffaCakes118
Size

1.7MB
Sample

240824-gqkvaayaqk
MD5

be05248b4cb0985b2c65804f548db8d3
SHA1

bdd6009bcf09fb52d8ec2664a48dfb3d5e90d988
SHA256

ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
SHA512

d6334fcf4db525e018040ec839163f9b330885746ae52935e4269b43602a3ec1f37ad274014c6d1f09d2c05140677150135526ae677a2b25f879a903f8c994bd
SSDEEP

24576:FxBZxrdKk7Siu3mcZVTVkoHYxiJDo5eantrwHsD8Xw2ugSG9EkCu1vDewil4Ml5l:HhdKJBZVT+f35RdI3vEkZpDe7OMB

Score

10^/10

osiris banker botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

be05248b4cb0985b2c65804f548db8d3_JaffaCakes118.exe

Resource

win7-20240708-en

osiris banker botnet discovery

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

be05248b4cb0985b2c65804f548db8d3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  be05248b4cb0985b2c65804f548db8d3_JaffaCakes118
- Size
  
  1.7MB
- MD5
  
  be05248b4cb0985b2c65804f548db8d3
- SHA1
  
  bdd6009bcf09fb52d8ec2664a48dfb3d5e90d988
- SHA256
  
  ac9db121f9bffe93135fc8409d427bb1d555430cad35db2dcc37af0477d95e6f
- SHA512
  
  d6334fcf4db525e018040ec839163f9b330885746ae52935e4269b43602a3ec1f37ad274014c6d1f09d2c05140677150135526ae677a2b25f879a903f8c994bd
- SSDEEP
  
  24576:FxBZxrdKk7Siu3mcZVTVkoHYxiJDo5eantrwHsD8Xw2ugSG9EkCu1vDewil4Ml5l:HhdKJBZVT+f35RdI3vEkZpDe7OMB
Score

10^/10

osiris banker botnet discovery
- Osiris
  banker botnet osiris
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnetdiscovery

behavioral2

© 2018-2025

Terms | Privacy