506b11dd836fdbf1b8aa6e48d922ec9b8ec442cd859fc02f889cdf7ff3224aae | Triage

Sharing

General

Target

8ec9d7a0c950e4f013f9afc76d807e597d7cad9a
Size

221KB
Sample

191018-qqj5ysk7q6
MD5

c2a223f30e31d730e8fc2fae6d695d72
SHA1

8ec9d7a0c950e4f013f9afc76d807e597d7cad9a
SHA256

506b11dd836fdbf1b8aa6e48d922ec9b8ec442cd859fc02f889cdf7ff3224aae
SHA512

6e18ea80b557c167afee4294c21a3ea42c23e76a85830f43c1a1354108eea8b289f6da56e86a8963b1f62e5ee97e65723b2e74e193a2e4e30146c665b1e4009f

Score

10^/10

1000

Malware Config

Extracted

Family

ursnif

Botnet

1000

C2

http://alister-mathmatics.club

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  8ec9d7a0c950e4f013f9afc76d807e597d7cad9a
- Size
  
  221KB
- MD5
  
  c2a223f30e31d730e8fc2fae6d695d72
- SHA1
  
  8ec9d7a0c950e4f013f9afc76d807e597d7cad9a
- SHA256
  
  506b11dd836fdbf1b8aa6e48d922ec9b8ec442cd859fc02f889cdf7ff3224aae
- SHA512
  
  6e18ea80b557c167afee4294c21a3ea42c23e76a85830f43c1a1354108eea8b289f6da56e86a8963b1f62e5ee97e65723b2e74e193a2e4e30146c665b1e4009f
Score

10^/10
- ursnif family
  family
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2