Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a038cf5f99d17df1e223aaf2f5f80b4b4a440a4e

  • Size

    209KB

  • Sample

    191018-7wl797zm62

  • MD5

    c2af6d564b13af07b536e592dc0ac4d4

  • SHA1

    a038cf5f99d17df1e223aaf2f5f80b4b4a440a4e

  • SHA256

    ba6af8e68fc67d929a1567eef3a86c1ba481f4f55ee203a17b4e0ee81ec58f41

  • SHA512

    d5e402e4ec1f7444a5487f86a4ae2a7d612fee5ad7ff395ac7c6fbe74271d5435de61c8459241d0e9b2b9b6b4e81f6a9219b5863d9897675b01a08ac06940348

Score
10/10
1000

Malware Config

Extracted

Family

ursnif

Botnet

1000

C2

http://weekends-estate.xyz

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      a038cf5f99d17df1e223aaf2f5f80b4b4a440a4e

    • Size

      209KB

    • MD5

      c2af6d564b13af07b536e592dc0ac4d4

    • SHA1

      a038cf5f99d17df1e223aaf2f5f80b4b4a440a4e

    • SHA256

      ba6af8e68fc67d929a1567eef3a86c1ba481f4f55ee203a17b4e0ee81ec58f41

    • SHA512

      d5e402e4ec1f7444a5487f86a4ae2a7d612fee5ad7ff395ac7c6fbe74271d5435de61c8459241d0e9b2b9b6b4e81f6a9219b5863d9897675b01a08ac06940348

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks