New banking Trojan, Osiris, is thought to be primarily based on Kronos source code and most likely has the same author. Both Trojans use identical evasions check. Indeed, they search for different processes and loaded modules which can point to the environment where the malware is executed. Every syscall has its own wrapper function. The same code obfuscation method (such as using raw syscalls). The similarities of Osiris and Kronos first came to light after analyzing the functions which create a global mutex.”]
Source: https://research.checkpoint.com/2018/osiris-enhanced-banking-trojan/