5c2f4f2893dadc75178da674dddc8c5375fa4242c76c0d99ff5f973c2822b7e6 | Triage

Sharing

General

Target

9193eaeff8fff6c8b09dc370b9e60ddab5b121a3
Size

224KB
Sample

191018-z54frb66pa
MD5

40614732a85cb4828dceaab30d2e68da
SHA1

9193eaeff8fff6c8b09dc370b9e60ddab5b121a3
SHA256

5c2f4f2893dadc75178da674dddc8c5375fa4242c76c0d99ff5f973c2822b7e6
SHA512

0c46705c3d66b87e07f7de9db0a9b617bffb4751d6235a4c19eddadabd4145213a8418e638d3e2635ff758420f6c0bc607981ac8076af730618db7c7633a356d

Score

10^/10

1000

Malware Config

Extracted

Family

ursnif

Botnet

1000

C2

http://weekends-estate.xyz

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  9193eaeff8fff6c8b09dc370b9e60ddab5b121a3
- Size
  
  224KB
- MD5
  
  40614732a85cb4828dceaab30d2e68da
- SHA1
  
  9193eaeff8fff6c8b09dc370b9e60ddab5b121a3
- SHA256
  
  5c2f4f2893dadc75178da674dddc8c5375fa4242c76c0d99ff5f973c2822b7e6
- SHA512
  
  0c46705c3d66b87e07f7de9db0a9b617bffb4751d6235a4c19eddadabd4145213a8418e638d3e2635ff758420f6c0bc607981ac8076af730618db7c7633a356d
Score

10^/10
- ursnif family
  family
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

task1

task2