MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7498e37c332d55c14247ae4b675e726336a8683900d8fd1da412905567d2de4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Osiris
Vendor detections: 9

SHA256 hash: 7498e37c332d55c14247ae4b675e726336a8683900d8fd1da412905567d2de4a
SHA3-384 hash: 2a9522e7b8a564ce805b30c61694ca6e434c70848ebcc47dc0502589670c9077ac2299a8464790638f065f6d8876d1d6
SHA1 hash: a514a6b0ce8257ab83ff20c736bb740d9771e661
MD5 hash: ba756bd88b3c26c287db5863fc232f50
humanhash: wolfram-six-winter-gee
File name: SecuriteInfo.com.Variant.Graftor.565491.15226.23565
Signature: Osiris
File size: 588,288 bytes
First seen: 2021-03-09 23:38:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 64d81f4b115b1fbae9a844045ab30de7 (1 x Osiris)
ssdeep: 12288:HSYQYFYx8wlIEHAHhlyrTt6Zs/W0U0S18Wcqnu:cKWNAYTaoW30SKWc+u
Threatray: 352 similar samples on MalwareBazaar
TLSH: DCC4CF51F3414337CBA711B1D4A87BBAE57E9236436644D3A7980DDC68C18E0A33EA9F
Reporter: SecuriteInfoCom
Tags: Osiris
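
Before handling a copy of this sample, confirm it is byte-for-byte the file the entry describes. The Python below is an added example, not MalwareBazaar's own code: it recomputes the four cryptographic hashes the entry lists (MD5, SHA1, SHA256, SHA3-384) and reports any that differ. `MALWAREBAZAAR_ENTRY`, `compute_hashes`, `hash_file` and `verify_hashes` are names chosen here; the digests in `MALWAREBAZAAR_ENTRY` are the ones shown above. ssdeep, TLSH and imphash need third-party libraries and are not recomputed.

```python
"""Verify a downloaded file against the hashes on a MalwareBazaar entry.

Added example, not MalwareBazaar's code. Names below are this example's own.
"""
import hashlib
import sys
from pathlib import Path

# Digests copied from the entry for 7498e37c...d2de4a (the only page-derived values here).
MALWAREBAZAAR_ENTRY = {
    "md5": "ba756bd88b3c26c287db5863fc232f50",
    "sha1": "a514a6b0ce8257ab83ff20c736bb740d9771e661",
    "sha256": "7498e37c332d55c14247ae4b675e726336a8683900d8fd1da412905567d2de4a",
    "sha3_384": "2a9522e7b8a564ce805b30c61694ca6e434c70848ebcc47dc0502589670c9077ac2299a8464790638f065f6d8876d1d6",
}

# Entry field name -> algorithm name as hashlib knows it.
ALGOS = {"md5": "md5", "sha1": "sha1", "sha256": "sha256", "sha3_384": "sha3_384"}


def compute_hashes(data: bytes) -> dict:
    """Hex digests of all four algorithms for an in-memory byte string."""
    return {name: hashlib.new(algo, data).hexdigest() for name, algo in ALGOS.items()}


def hash_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file once through all four hash objects (samples can be large)."""
    hashers = {name: hashlib.new(algo) for name, algo in ALGOS.items()}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_hashes(actual: dict, expected: dict) -> list:
    """Names of every expected digest that does not match (hex compared case-insensitively).

    An empty list means the file is exactly the sample on the entry. Any mismatch
    means a different file, a truncated download, or an archive that was not extracted.
    """
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


if __name__ == "__main__":
    # Usage: python verify_sample.py <extracted sample path>
    bad = verify_hashes(hash_file(Path(sys.argv[1])), MALWAREBAZAAR_ENTRY)
    print("all hashes match the entry" if not bad else "MISMATCH on: " + ", ".join(bad))
```

MalwareBazaar serves samples inside a password-protected zip, so run the check on the extracted file, inside an isolated analysis VM, and treat any mismatch as a reason to stop rather than to proceed.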

Intelligence


File Origin
# of uploads: 1
# of downloads: 229
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: http://wifoweijijfoiwjweoi.xyz/panel/upload/data.cmp
Verdict: Malicious activity
Analysis date: 2021-03-09 22:36:18 UTC
Tags: trojan evasion stealer

Note: ANY.RUN is an interactive sandbox; its verdict reflects the whole analyst session, not only the uploaded sample.

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %AppData% subdirectories
Setting a keyboard event handler
DNS request
Sending an HTTP POST request
Sending a UDP request
Setting browser functions hooks
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Unauthorized injection to a browser process
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of such a binary may be suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: troj.spyw.evad
Score: 100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to detect sleep reduction / modifications
Drops executable to a common third party application directory
Found C&C like URL pattern
Installs a global keyboard hook
Machine Learning detection for dropped file
Machine Learning detection for sample
May check the online IP address of the machine
Monitors registry run keys for changes
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Tries to harvest and steal browser information (history, passwords, etc)
Result
Threat name: Win32.Trojan.Kronosbot
Status: Malicious
First seen: 2021-03-09 23:30:37 UTC
AV detection: 19 of 28 (67.86%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: discovery persistence spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Adds Run key to start application
Checks installed software on the system
Looks up external IP address via web service
Reads user/profile data of web browsers
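
The three vendor reports above agree on one chain of behaviours: drop an executable under %AppData%, register it under the Run key, set a keyboard hook, inject into a browser process and send HTTP POSTs to a C&C-like URL. The Python below is an added example, not taken from the entry or from any vendor's report: it turns that chain into checks over host telemetry. The events are constructed here in a Sysmon-like shape (EventID 11 FileCreate, 13 registry value set, 8 CreateRemoteThread, 3 NetworkConnect); the tag names, paths and the `classify` and `triage` functions are this example's own, and the only value taken from the page is the hostname from the ANY.RUN task URL. The keyboard hook (SetWindowsHookEx) is an API-level behaviour that this kind of telemetry does not record, so it has no check.

```python
"""Match host telemetry against the behaviours the sandboxes report for this sample.

Added example, not part of the MalwareBazaar entry or any vendor report.
Events are constructed in a Sysmon-like shape; tag names are this example's own.
"""
import re

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
APPDATA_RE = re.compile(r"\\AppData\\(Roaming|Local)\\", re.IGNORECASE)
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe", "msedge.exe"}
EXEC_EXT = (".exe", ".dll", ".scr")

# Constructed events (not from the sandbox runs). Only the hostname comes from the page.
SAMPLE_EVENTS = [
    {"id": 11, "image": r"C:\Users\u\Downloads\data.exe",
     "target": r"C:\Users\u\AppData\Roaming\update\svc.exe"},
    {"id": 13, "image": r"C:\Users\u\Downloads\data.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "details": r"C:\Users\u\AppData\Roaming\update\svc.exe"},
    {"id": 8, "image": r"C:\Users\u\AppData\Roaming\update\svc.exe",
     "target_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"id": 3, "image": r"C:\Users\u\AppData\Roaming\update\svc.exe",
     "dst_host": "wifoweijijfoiwjweoi.xyz", "dst_port": 80},
    # Benign noise: a document save and a vendor installer's own Run key.
    {"id": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\u\Documents\notes.txt"},
    {"id": 13, "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "details": r"C:\Program Files\Vendor\tray.exe"},
]


def basename(path: str) -> str:
    """Last path component, lower-cased, for image-name comparisons."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(ev: dict) -> set:
    """Return the reported behaviours one event matches (empty set = nothing of interest)."""
    tags = set()
    # "Creating a file in the %AppData% subdirectories" / "Drops executable to a
    # common third party application directory"
    if ev["id"] == 11 and APPDATA_RE.search(ev["target"]) and ev["target"].lower().endswith(EXEC_EXT):
        tags.add("appdata_executable_drop")
    # "Enabling autorun with the standard ...\CurrentVersion\Run registry branch"
    if ev["id"] == 13 and RUN_KEY_RE.search(ev["target"]):
        tags.add("run_key_autorun")
        # A Run value pointing into %AppData% is the stronger, more specific signal.
        if APPDATA_RE.search(ev.get("details", "")):
            tags.add("run_key_points_to_appdata")
    # "Unauthorized injection to a browser process"
    if ev["id"] == 8 and basename(ev["target_image"]) in BROWSERS:
        tags.add("browser_injection")
    # "Sending an HTTP POST request" from the dropped binary's location
    if ev["id"] == 3 and APPDATA_RE.search(ev["image"]):
        tags.add("appdata_process_network")
    return tags


def triage(events) -> dict:
    """Group matching events by behaviour tag; several tags from one host is the real signal."""
    hits = {}
    for ev in events:
        for tag in classify(ev):
            hits.setdefault(tag, []).append(ev)
    return hits


if __name__ == "__main__":
    for tag, evs in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{tag}: {len(evs)} event(s), e.g. {evs[0]['image']}")
```

A lone Run-key write is routine (the vendor installer above produces one), so alert on the combination: a Run value that points under %AppData% plus an injection or outbound connection from that same binary, which is exactly the chain all three reports describe.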
Unpacked files
SHA256 hash: 40d1e642401eead2fe300192687efa7593cc734a5030e24e5741b4b8031fad07
MD5 hash: 26b96834367f2d5b9d467eb956dbdb8a
SHA1 hash: b104eeffaefe10253bacdd1d855ec28932c7664a

SHA256 hash: 01997f008eb73a51abbf078b837b57e19dbfb542849fb5f1dc60382252b7bd8e
MD5 hash: 02e93a70f2b0cf6cb5a85cecb0c7b278
SHA1 hash: d2262af07c4af5c7e0b0c0a43fd4131c4ab65bd1

SHA256 hash: 7498e37c332d55c14247ae4b675e726336a8683900d8fd1da412905567d2de4a
MD5 hash: ba756bd88b3c26c287db5863fc232f50
SHA1 hash: a514a6b0ce8257ab83ff20c736bb740d9771e661
Detections: win_kronos_auto

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Note that only results from TLP:CLEAR rules are displayed.

Rule name: adonunix2
Author: Tim Brown @timb_machine
Description: AD on UNIX

Rule name: win_kronos_auto
Author: Felix Bilstein - yara-signator at cocacoding dot com
Description: autogenerated rule brought to you by yara-signator

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Osiris
Executable exe 7498e37c332d55c14247ae4b675e726336a8683900d8fd1da412905567d2de4a (this sample)
Delivery method: Web download (distributed via web download)
