General

  • Target

    8ec9d7a0c950e4f013f9afc76d807e597d7cad9a

  • Size

    221KB

  • Sample

    191018-qqj5ysk7q6

  • MD5

    c2a223f30e31d730e8fc2fae6d695d72

  • SHA1

    8ec9d7a0c950e4f013f9afc76d807e597d7cad9a

  • SHA256

    506b11dd836fdbf1b8aa6e48d922ec9b8ec442cd859fc02f889cdf7ff3224aae

  • SHA512

    6e18ea80b557c167afee4294c21a3ea42c23e76a85830f43c1a1354108eea8b289f6da56e86a8963b1f62e5ee97e65723b2e74e193a2e4e30146c665b1e4009f

Score
10/10

Malware Config

Extracted

Family

ursnif

Botnet

1000

C2

http://alister-mathmatics.club

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      8ec9d7a0c950e4f013f9afc76d807e597d7cad9a

    • Size

      221KB

    • MD5

      c2a223f30e31d730e8fc2fae6d695d72

    • SHA1

      8ec9d7a0c950e4f013f9afc76d807e597d7cad9a

    • SHA256

      506b11dd836fdbf1b8aa6e48d922ec9b8ec442cd859fc02f889cdf7ff3224aae

    • SHA512

      6e18ea80b557c167afee4294c21a3ea42c23e76a85830f43c1a1354108eea8b289f6da56e86a8963b1f62e5ee97e65723b2e74e193a2e4e30146c665b1e4009f

    Score
    10/10
    • ursnif family

    • Windows security modification

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks