Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42cb5218b9b949231f3c601715e80aab3d416f91

  • Size

    218KB

  • Sample

    191018-ze7jdhqtg6

  • MD5

    b1dfb9bec5e466129b9146a9ecf48c9a

  • SHA1

    42cb5218b9b949231f3c601715e80aab3d416f91

  • SHA256

    9732d1386be943abf76b2e558d2bb458ce48365135da9b9ded4d7cbd939f2cce

  • SHA512

    064b705f63d8866bfd6b0b1c104c09305a159ecc51665ffa4f74e88510e3d32478cfa65abaf908cbd547bf016002a5da5bf0399c399f9c63303ceafb88d20b89

Score
10/10
500

Malware Config

Extracted

Family

ursnif

Botnet

500

C2

http://myhomesitter.fun

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      42cb5218b9b949231f3c601715e80aab3d416f91

    • Size

      218KB

    • MD5

      b1dfb9bec5e466129b9146a9ecf48c9a

    • SHA1

      42cb5218b9b949231f3c601715e80aab3d416f91

    • SHA256

      9732d1386be943abf76b2e558d2bb458ce48365135da9b9ded4d7cbd939f2cce

    • SHA512

      064b705f63d8866bfd6b0b1c104c09305a159ecc51665ffa4f74e88510e3d32478cfa65abaf908cbd547bf016002a5da5bf0399c399f9c63303ceafb88d20b89

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks