Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0a308811bd0cf98b7f3c13328f34e192ae9f07c

  • Size

    154KB

  • Sample

    191018-dhmnstln9e

  • MD5

    1e58a4d81186395fdde201ba0752ae23

  • SHA1

    d0a308811bd0cf98b7f3c13328f34e192ae9f07c

  • SHA256

    749d9f1bd425a9b49b9ad6e4bcdcb1954de0ad97d6b1506f1fd41ca62ff196c6

  • SHA512

    307ae70e78e7e2c52fadbf8e948eefa8ed448690454031993826c2333b27573f67b23a1e33e8491a2b1d7ebb13758c29ed8813b311733bd30b3296cf874a2d54

Score
10/10
500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      d0a308811bd0cf98b7f3c13328f34e192ae9f07c

    • Size

      154KB

    • MD5

      1e58a4d81186395fdde201ba0752ae23

    • SHA1

      d0a308811bd0cf98b7f3c13328f34e192ae9f07c

    • SHA256

      749d9f1bd425a9b49b9ad6e4bcdcb1954de0ad97d6b1506f1fd41ca62ff196c6

    • SHA512

      307ae70e78e7e2c52fadbf8e948eefa8ed448690454031993826c2333b27573f67b23a1e33e8491a2b1d7ebb13758c29ed8813b311733bd30b3296cf874a2d54

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks