9732d1386be943abf76b2e558d2bb458ce48365135da9b9ded4d7cbd939f2cce | Triage

Sharing

General

Target

42cb5218b9b949231f3c601715e80aab3d416f91
Size

218KB
Sample

191018-ze7jdhqtg6
MD5

b1dfb9bec5e466129b9146a9ecf48c9a
SHA1

42cb5218b9b949231f3c601715e80aab3d416f91
SHA256

9732d1386be943abf76b2e558d2bb458ce48365135da9b9ded4d7cbd939f2cce
SHA512

064b705f63d8866bfd6b0b1c104c09305a159ecc51665ffa4f74e88510e3d32478cfa65abaf908cbd547bf016002a5da5bf0399c399f9c63303ceafb88d20b89

Score

10^/10

500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  42cb5218b9b949231f3c601715e80aab3d416f91
- Size
  
  218KB
- MD5
  
  b1dfb9bec5e466129b9146a9ecf48c9a
- SHA1
  
  42cb5218b9b949231f3c601715e80aab3d416f91
- SHA256
  
  9732d1386be943abf76b2e558d2bb458ce48365135da9b9ded4d7cbd939f2cce
- SHA512
  
  064b705f63d8866bfd6b0b1c104c09305a159ecc51665ffa4f74e88510e3d32478cfa65abaf908cbd547bf016002a5da5bf0399c399f9c63303ceafb88d20b89
Score

10^/10
- ursnif family
  family
- Windows security modification
  evasion trojan
- Checks system information in the registry (likely anti-VM)
- Modifies service
  persistence
task1 task2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

task1

task2