osiris | 69b7f307a740350810bfc7442949bbfb25c66887f678348881c7a54fbad44f7e | Triage

Sharing

General

Target

JaffaCakes118_9f6bcc24fa56a9669d51221999cd9086
Size

444KB
Sample

250108-pp3byazlfv
MD5

9f6bcc24fa56a9669d51221999cd9086
SHA1

f1b432211a701c09608af331847e49af072042e7
SHA256

69b7f307a740350810bfc7442949bbfb25c66887f678348881c7a54fbad44f7e
SHA512

7db01a41ee3a5954263f7c04d8dd64bce1f47e36598367de3cc04f927993b90cd0c2f07d4ddb67c0a61d7e2227c6b758213fd017d29a0179890ce29117936ff5
SSDEEP

12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCF:sxNL0Y/ezauYP+FX9t+zm

Score

10^/10

osiris banker botnet discovery

Malware Config

Targets

- Target
  
  JaffaCakes118_9f6bcc24fa56a9669d51221999cd9086
- Size
  
  444KB
- MD5
  
  9f6bcc24fa56a9669d51221999cd9086
- SHA1
  
  f1b432211a701c09608af331847e49af072042e7
- SHA256
  
  69b7f307a740350810bfc7442949bbfb25c66887f678348881c7a54fbad44f7e
- SHA512
  
  7db01a41ee3a5954263f7c04d8dd64bce1f47e36598367de3cc04f927993b90cd0c2f07d4ddb67c0a61d7e2227c6b758213fd017d29a0179890ce29117936ff5
- SSDEEP
  
  12288:sqiNL0Y/eQ2ZaOpTYP+Xjn+sX9eK+ySCF:sxNL0Y/ezauYP+FX9t+zm
Score

10^/10

osiris banker botnet discovery
- Osiris
  banker botnet osiris
- Osiris family
  osiris
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

osirisbankerbotnetdiscovery

behavioral2

osirisbankerbotnetdiscovery