Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ad35f111142e94599955379dad6fe8040789f0b

  • Size

    296KB

  • Sample

    191018-6cbxhgqhwx

  • MD5

    f06dafd27fd3a2968484a9e03a918961

  • SHA1

    8ad35f111142e94599955379dad6fe8040789f0b

  • SHA256

    e9ca2e726c664d3f610c06ce555e5c5cf3550e5cc7fb21bf2c6b461976b8cc29

  • SHA512

    f1f9562566cf25b353db953b314f741b7a510b97c02249c175dae2e7402a8cc1d36fa867a8c3ef76e1f1a23d8320834077a480095c39dc23c12157221de1bc17

Score
10/10
500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      8ad35f111142e94599955379dad6fe8040789f0b

    • Size

      296KB

    • MD5

      f06dafd27fd3a2968484a9e03a918961

    • SHA1

      8ad35f111142e94599955379dad6fe8040789f0b

    • SHA256

      e9ca2e726c664d3f610c06ce555e5c5cf3550e5cc7fb21bf2c6b461976b8cc29

    • SHA512

      f1f9562566cf25b353db953b314f741b7a510b97c02249c175dae2e7402a8cc1d36fa867a8c3ef76e1f1a23d8320834077a480095c39dc23c12157221de1bc17

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks