General

  • Target

    Payload94.754.225.exe

  • Size

    609KB

  • Sample

    241103-kmsx9szjaz

  • MD5

    987a79c800f109491dcbfbc589f940f2

  • SHA1

    d0a7eedc6b908ffc728f287036696fd0688436f7

  • SHA256

    07457423012b530efe135d313c7c3d509c0ec8f13dacd5751ddfce7c311182c7

  • SHA512

    959c7e45f4ae3ab901f7aad2ed3d5d74861aa9d812df0bf1bd499afd759a2811b98dbba43e143c3a90f8fa7c4b7d8592e1aa60402de8cc62da409c30aad118ac

  • SSDEEP

    12288:KZ543M5v7Kc3ygT2lXVCllX8peI7cQitqUmyq+1pmhM:SUiL3yjXUlu0I7vitqUmyq+1paM

Malware Config

Targets

    • Osiris family

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks