MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Osiris
Vendor detections: 9
| SHA256 hash: | 111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6 |
|---|---|
| SHA3-384 hash: | 8b09353a36a66aefdf0a81acc0d8fbd416cdd6411fb9dde1ab0f15292af76484e11a556b49bbee046c972130d9949a10 |
| SHA1 hash: | a5a5f96142c6b7ca25fc451a45e9964ff4f6cd89 |
| MD5 hash: | 5082932c741a5ff379de1c3f2edf1321 |
| humanhash: | one-victor-pizza-tango |
| File name: | isb777amx.bin |
| Signature | Osiris |
| File size: | 745'984 bytes |
| First seen: | 2020-10-08 09:33:41 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | 9b685ef66de1532206ca01255bd0a08a (1 x Osiris, 1 x SystemBC) |
| ssdeep | 12288:+D3Eu+HRH+tWVW3Es37CAp0Pg2m7AtyHh2Q1wzlGlFPhNz:X5+8I3/3WAp0PgtAEhLlFPL |
| Threatray | 1 similar samples on MalwareBazaar |
| TLSH | 92F4E6A795406F33D091D03FE0378627D3119817FF670B0195AEEA942ADB19623EBB4E |
| Reporter | |
| Tags: | Osiris |
Intelligence
File Origin
# of uploads: 1
# of downloads: 104
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Setting browser functions hooks
Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Found Tor onion address
Installs a global keyboard hook
Machine Learning detection for sample
May check the online IP address of the machine
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Detection: kronos
Threat name: Win32.Trojan.Smokeload
Status: Malicious
First seen: 2019-10-22 02:15:00 UTC
File Type: PE (Exe)
Extracted files: 10
AV detection: 39 of 48 (81.25%)
Threat level: 5/5
Verdict: malicious
Result
Malware family: osiris
Score: 10/10
Tags: banker botnet family:osiris
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Looks up external IP address via web service
Loads dropped DLL
Executes dropped EXE
Osiris
Unpacked files
SHA256 hash: 111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6
MD5 hash: 5082932c741a5ff379de1c3f2edf1321
SHA1 hash: a5a5f96142c6b7ca25fc451a45e9964ff4f6cd89
SHA256 hash: 70a9193897759486de2a4f09978c9e1087f05e90796a6ac93850040050559378
MD5 hash: 566079e09b357e8d78d9f47d2c797ce3
SHA1 hash: 80971ab8d99fb8c56c243375d0ec6028aaa43c3e
SHA256 hash: 99ebc1a372b06aca18f3e7d31c330598a23f7005572056ff245555676ee8e676
MD5 hash: fddbd5dcf98bbc778f478f6b43510377
SHA1 hash: e67e379c4ae850068d3a95e163f14d22e0fd586a
Detections: win_kronos_g1, win_kronos_auto
SHA256 hash: 02a9129bcaab584885725ddfcfaef108ca7a66499a9bd15189f8316bd40a646d
MD5 hash: 227958c8e6e50ac28ffeb146156e82a5
SHA1 hash: fdd718645c8b372a91761ed341a4a9cb7318d354
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name: Trojan
Score: 1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.