e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24 | Triage

Sharing

General

Target

1bbbae729c33ea1ff7f99ddca6317e05a4242d63
Size

285KB
Sample

191018-jyewsk7k72
MD5

9ecaa6e99f08fbb4285a0e7188477617
SHA1

1bbbae729c33ea1ff7f99ddca6317e05a4242d63
SHA256

e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24
SHA512

c06c1ae987251b7f36889680804cdc89b95a2bf170a1a1b614f0c0102ffd2846257c1265e2e83aee2f755cfc19d649bf8b4e0023e9c25d02a3021659131addbd

Score

10^/10

500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  1bbbae729c33ea1ff7f99ddca6317e05a4242d63
- Size
  
  285KB
- MD5
  
  9ecaa6e99f08fbb4285a0e7188477617
- SHA1
  
  1bbbae729c33ea1ff7f99ddca6317e05a4242d63
- SHA256
  
  e39e7b370667db88b6fd90410873a312599e750e66708cab60e681e61b9c5c24
- SHA512
  
  c06c1ae987251b7f36889680804cdc89b95a2bf170a1a1b614f0c0102ffd2846257c1265e2e83aee2f755cfc19d649bf8b4e0023e9c25d02a3021659131addbd
Score

10^/10
- ursnif family
  family
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2