General

  • Target

    9193eaeff8fff6c8b09dc370b9e60ddab5b121a3

  • Size

    224KB

  • Sample

    191018-z54frb66pa

  • MD5

    40614732a85cb4828dceaab30d2e68da

  • SHA1

    9193eaeff8fff6c8b09dc370b9e60ddab5b121a3

  • SHA256

    5c2f4f2893dadc75178da674dddc8c5375fa4242c76c0d99ff5f973c2822b7e6

  • SHA512

    0c46705c3d66b87e07f7de9db0a9b617bffb4751d6235a4c19eddadabd4145213a8418e638d3e2635ff758420f6c0bc607981ac8076af730618db7c7633a356d

Score
10/10

Malware Config

Extracted

Family

ursnif

Botnet

1000

C2

http://weekends-estate.xyz

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      9193eaeff8fff6c8b09dc370b9e60ddab5b121a3

    • Size

      224KB

    • MD5

      40614732a85cb4828dceaab30d2e68da

    • SHA1

      9193eaeff8fff6c8b09dc370b9e60ddab5b121a3

    • SHA256

      5c2f4f2893dadc75178da674dddc8c5375fa4242c76c0d99ff5f973c2822b7e6

    • SHA512

      0c46705c3d66b87e07f7de9db0a9b617bffb4751d6235a4c19eddadabd4145213a8418e638d3e2635ff758420f6c0bc607981ac8076af730618db7c7633a356d

    Score
    10/10
    • ursnif family

    • Windows security modification

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

MITRE ATT&CK Enterprise v6

Tasks