dacd8a22f8597467e2a40b2185995b7477b58bf26d1a719a0258bb21704dc14b | Triage

Sharing

General

Target

OSIRIS.rar
Size

5.5MB
Sample

240824-nvd1vsybjd
MD5

b4dde8583e5a21a89f53da22a2eae1b5
SHA1

cabfbfb7a75c5e227c1ecf5362b3907dd0376fd3
SHA256

dacd8a22f8597467e2a40b2185995b7477b58bf26d1a719a0258bb21704dc14b
SHA512

7f8f71173e8f73c67456a200070ff1caeb30e6b224c5e6004ab691baab738320a0dc1c412ff48d85b8939e9c90ef19433652eff115d2ff165ffcdbbabbd95350
SSDEEP

98304:FZd1SVotngkASF0Y9qP4FbtIw1nNNYfd7nZeY1qhcyvr6qCubjmzq77iuMKMXV/d:FZdUo9tASFR9G45tLbGpM+Er6jbqSuMZ

Score

8^/10

defense_evasion discovery vmprotect

Malware Config

Targets

- Target
  
  OSIRIS.rar
- Size
  
  5.5MB
- MD5
  
  b4dde8583e5a21a89f53da22a2eae1b5
- SHA1
  
  cabfbfb7a75c5e227c1ecf5362b3907dd0376fd3
- SHA256
  
  dacd8a22f8597467e2a40b2185995b7477b58bf26d1a719a0258bb21704dc14b
- SHA512
  
  7f8f71173e8f73c67456a200070ff1caeb30e6b224c5e6004ab691baab738320a0dc1c412ff48d85b8939e9c90ef19433652eff115d2ff165ffcdbbabbd95350
- SSDEEP
  
  98304:FZd1SVotngkASF0Y9qP4FbtIw1nNNYfd7nZeY1qhcyvr6qCubjmzq77iuMKMXV/d:FZdUo9tASFR9G45tLbGpM+Er6jbqSuMZ
Score

3^/10
behavioral1 behavioral2
- Target
  
  OSIRIS/AdbWinApi.dll
- Size
  
  104KB
- MD5
  
  99df7a009a6ad10c23180f823000938d
- SHA1
  
  a6c012414794260d724df39cafb3beeccc852cc5
- SHA256
  
  c81d6ebb3968b58b53beecf9c01e5c17ccf6fd4671fecf0293f5b07417b93844
- SHA512
  
  fcf498c3bf48b14265bd5da7d9c90048bcc92a3fe6ab31db0cdf5622002b040cc1cd6226e4394922f41b800c22e9d066558b12603bf0dfd6fb25865d9d19bebe
- SSDEEP
  
  1536:OpCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGtL7kxi:Opo0k6ZWVTaif6sCGd3
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  OSIRIS/OSIRIS.exe
- Size
  
  5.5MB
- MD5
  
  0a3717539f8a5be1872df68ae5353643
- SHA1
  
  2322a24ed2bb0aa9f5106edd29d0859973d4123c
- SHA256
  
  09340ff4d7bef1acf164acedaff09f2e29504877a7a63d5183f025a8695ce3fa
- SHA512
  
  c007223e208da0f3ffdc802ebb82baa7a1523c576a1b3b1b0653c63cc9ea807a198434479f9cd727f31998c98e61d1f69938f8e391d7ccdd43e4ba7072e4ffbe
- SSDEEP
  
  98304:bAKwGERhl1WKiqlrEnCBwJZQoPqG5f97Mjs+Mx7ZQFvKRS9mrN6jm5QJTWzPCZ:bAKwfKFqlQON+V9QtMx7CFic9CoxWzg
Score

7^/10

vmprotect
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral5 behavioral6
- Target
  
  OSIRIS/OSIRIS.lic
- Size
  
  8B
- MD5
  
  b2a8aedfca99e027eb4804812ce06e37
- SHA1
  
  5fe828c8cdcb078568068ab52ca7a06067b7b1fb
- SHA256
  
  7d6e4a977b9ec8d5f31188f5d04b4aae9a03d42546406fa5e7dc24fda79efcb3
- SHA512
  
  4cc82d05f8c31a83dea5bad663a38de9018da437126450fc86d703246b061063df18bde7d224fd28a7b50c070c135125a0acfb3f18d9090efda9fc8fab3c6457
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  OSIRIS/adb.exe
- Size
  
  800KB
- MD5
  
  73fc6df8f4075be5fa3a46a0f2f8ab24
- SHA1
  
  6fd7d5ec8c1520f61725600fee0168be01668df1
- SHA256
  
  7ba3408356fa0216e31d0879580031d1ac033281f2b07a9491777b3fbcbb1413
- SHA512
  
  b87a7e6a945ea80f788db6d02a476efb1422429035cbf35dca2409a0bcd4ac3867aa9c19ecac4f1227f4d8c788991c0248fd1d8af54812d3cb3cc133e3dd911b
- SSDEEP
  
  12288:M5KIVNAIOlVvllPhcjpGsv6cViTIlZThJCmG11RuMYRO2fJpUGpdmTfFnIY:M5KYALlvlPyjpGo6cMTI7bqYaTfFnIY
Score

8^/10

defense_evasion discovery
- Downloads MZ/PE file
- Executes dropped EXE
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

defense_evasiondiscovery