Overview

overview

10

task1

 

10

task2

 

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1ecc1919cb5eb738f08fb103871cd8845cef5b6bcd7bafd3fdcb2f180e64ec5

  • Size

    415KB

  • Sample

    191025-hm4e2mdzf2

  • MD5

    8d8322a6f53443a7b6f08f13e5fe200a

  • SHA1

    013ac9e1d4e0b9defdb9b2d567dd6ce0a55356e0

  • SHA256

    d1ecc1919cb5eb738f08fb103871cd8845cef5b6bcd7bafd3fdcb2f180e64ec5

  • SHA512

    125da1c20b7babfe39ce47db367bfb5fed4dd7e1d619836c473c78fbfc944f1c9333d842dd997e0756c1f25b90c79f2848fe3f02219ca4fb1e77232eea33d2cf

Score
10/10
2000

Malware Config

Extracted

Family

ursnif

Botnet

2000

C2

x1.narutik.at/webstore cdn5.narutik.at/webstore cd.pranahat.at/webstore

rsa_pubkey.base64
serpent.plain

Targets

    • Target

      d1ecc1919cb5eb738f08fb103871cd8845cef5b6bcd7bafd3fdcb2f180e64ec5

    • Size

      415KB

    • MD5

      8d8322a6f53443a7b6f08f13e5fe200a

    • SHA1

      013ac9e1d4e0b9defdb9b2d567dd6ce0a55356e0

    • SHA256

      d1ecc1919cb5eb738f08fb103871cd8845cef5b6bcd7bafd3fdcb2f180e64ec5

    • SHA512

      125da1c20b7babfe39ce47db367bfb5fed4dd7e1d619836c473c78fbfc944f1c9333d842dd997e0756c1f25b90c79f2848fe3f02219ca4fb1e77232eea33d2cf

    Score
    10/10

    • ursnif family

      family

    • Windows security modification

      evasiontrojan

    • Checks system information in the registry (likely anti-VM)

    • Modifies service

      persistence
    task1task2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Disabling Security Tools

1
T1089

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks