osiris | 6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3 | Triage

Submit
Reports

Overview

overview

Static

static

kronos.js

windows7_x64

1

kronos.js

windows10_x64

Sharing

General

Target

kronos.js
Size

2.5MB
Sample

210113-yc4pvr7av2
MD5

d7445ce4be501700003a79023147e9b9
SHA1

2d80ceba1af9a16ef2b8186c5f46a19e984837f3
SHA256

6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3
SHA512

61d1c6d20b793b3f47143db918b66f8968cb43b0f5aee20d73ce009e6c2f924336a7f58b10ba631bff164371a9e80787ae3ac50caaa1943b57750b788db3ddc2

Score

10^/10

osiris banker botnet

Static task

static1

Behavioral task

behavioral1

Sample

kronos.js

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

kronos.js

Resource

win10v20201028

osiris banker botnet

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  kronos.js
- Size
  
  2.5MB
- MD5
  
  d7445ce4be501700003a79023147e9b9
- SHA1
  
  2d80ceba1af9a16ef2b8186c5f46a19e984837f3
- SHA256
  
  6bb71d8bf32cceef6a431136e0c965aa905c45c240b40bb20aa6fb6f661300f3
- SHA512
  
  61d1c6d20b793b3f47143db918b66f8968cb43b0f5aee20d73ce009e6c2f924336a7f58b10ba631bff164371a9e80787ae3ac50caaa1943b57750b788db3ddc2
Score

10^/10

osiris banker botnet
- Osiris
  banker botnet osiris
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

osirisbankerbotnet

© 2018-2024

Terms | Privacy