Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bbbae729c33ea1ff7f99ddca6317e05a4242d63

  • Size

    285KB

  • Sample

    191018-jyewsk7k72

  • MD5

    9ecaa6e99f08fbb4285a0e7188477617

  • SHA1

    1bbbae729c33ea1ff7f99ddca6317e05a4242d63

  • SHA256

    e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24

  • SHA512

    c06c1ae987251b7f36889680804cdc89b95a2bf170a1a1b614f0c0102ffd2846257c1265e2e83aee2f755cfc19d649bf8b4e0023e9c25d02a3021659131addbd

Score
10/10
500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      1bbbae729c33ea1ff7f99ddca6317e05a4242d63

    • Size

      285KB

    • MD5

      9ecaa6e99f08fbb4285a0e7188477617

    • SHA1

      1bbbae729c33ea1ff7f99ddca6317e05a4242d63

    • SHA256

      e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24

    • SHA512

      c06c1ae987251b7f36889680804cdc89b95a2bf170a1a1b614f0c0102ffd2846257c1265e2e83aee2f755cfc19d649bf8b4e0023e9c25d02a3021659131addbd

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks