MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Osiris

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
SHA3-384 hash:	81f9748ac632f5b386100eb5fbb99edd27dfb328a52ffa89228dc4f0da0438592e45d72bde067d1dff1618ca0b7c1c7c
SHA1 hash:	b9320b32b14219e2829eaa6a69b046e6d68b39dd
MD5 hash:	b988afbb1df5f268d64a2ef604c92cdf
humanhash:	july-double-bacon-berlin
File name:	dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
Download:	download sample
Signature	Osiris Create hunting rule
File size:	496'128 bytes
First seen:	2020-11-05 16:35:37 UTC
Last seen:	2020-11-05 18:41:09 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c037e0c1269442fa668df5a742703682 (1 x Osiris)
ssdeep	6144:D4fSYF93q3hpLdtWiUaMA4hcobyNZWBNsqMEu//h1p4RWGp7YWe7Ds5iuPX8:7gcXtZtchI4s1fpQE1Xs5rE
Threatray	5 similar samples on MalwareBazaar
TLSH	22B4CF129A92F15AFCC208BB967245684638BB631B1BB2CF0B5DB6BC9F376D01C31553
Reporter	Anonymous
Tags:	geo MEX Osiris

Anonymous

Kronos/Osiris targeting Mexico users

Intelligence

File Origin

# of uploads :

2

# of downloads :

95

Origin country :

n/a

Vendor Threat Intelligence

Detection:

Kronos

Link:

https://www.capesandbox.com/analysis/83326/

Detection(s):

PUA.Win.Packer.Purebasic-2

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Launching the default Windows debugger (dwwin.exe)

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f/

Threat name:

Win32.Network.TorTool

Status:

Malicious

First seen:

2020-10-07 19:33:26 UTC

AV detection:

20 of 29 (68.97%)

Threat level:

3/5

Verdict:

malicious

Similar samples:

111b63f31d1e6855b0bc722107ac4f5668a7f115fd45654625eb41a6160828c6

4da8564def807d49cf9d45fcad3e9201344732a49aea4261ab05b8b43cb3adae

62bd38c89d1a30b03bd89a788d9f2852659f77715c97e5c12445c33f43fa13e5

73feac20d7cdbe1e10ca26b196d60d68ea0c4e652ceacf534b1c549e4e597e74

bf9eb06db25ea1d3138b8e19a18d248df56a04200f9e54edfed850d018d2bb62

Result

Malware family:

osiris

Score:

10/10

Tags:

family:osiris banker botnet spyware

Link:

https://tria.ge/reports/201105-c31ghfvls2/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

Suspicious use of SetThreadContext

Looks up external IP address via web service

Loads dropped DLL

Reads user/profile data of web browsers

Executes dropped EXE

Osiris

Unpacked files

SH256 hash:

cd4771cf1b12b92e05f0e2d1f11ab9cf95b5d8b5e5968b67ebe9f945150e44ff

MD5 hash:

c4cb119d27f4ec51621c921d8adf04b4

SHA1 hash:

3af2ea4d5586406588e593c7d26a1981adfc4ea0

Link:

https://www.unpac.me/results/a3ff3de1-2991-4ee4-9c2e-e1bbdec644f3/

SH256 hash:

0bbdb9461df2da2105e8f9f07b1df49ddd98c610b15d683f4fe15a20d20b2791

MD5 hash:

3410c740674b3804b53455b0e76b3f67

SHA1 hash:

c9bbc9bd24ffa7033de130af849c5c04221b77a4

Link:

https://www.unpac.me/results/a3ff3de1-2991-4ee4-9c2e-e1bbdec644f3/

SH256 hash:

bcf88f78abf0a76e271e4bd6a5ef1c5e790dd99f420dce1654a407928ebe7613

MD5 hash:

ad899d8d4a3e4710aa667eda8c252756

SHA1 hash:

2ae2fee087d8e135c3006143e085e00cefe08377

Link:

https://www.unpac.me/results/a3ff3de1-2991-4ee4-9c2e-e1bbdec644f3/

SH256 hash:

dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f

MD5 hash:

b988afbb1df5f268d64a2ef604c92cdf

SHA1 hash:

b9320b32b14219e2829eaa6a69b046e6d68b39dd

Link:

https://www.unpac.me/results/a3ff3de1-2991-4ee4-9c2e-e1bbdec644f3/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Chronos

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/83326/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample