ursnif_rm3 | 562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824 | Triage

Sharing

General

Target

562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824.exe
Size

1.2MB
Sample

200512-jgprncsyes
MD5

4529c68eb1c7a905d1a2549b18671adf
SHA1

f4cccf934ee66a05e1d5cbe11778b896ee533e2b
SHA256

562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824
SHA512

8149166e620c1ba49c5ab3571351c151ae6d1e08ac643ffc0f2ae3035bc6fe2cb23a77ce8f4faa56ae4b5b891a8ac9154c6a3b15082f8bc09f2f1d23676ae9df

Score

10^/10

ursnif_rm3 banker trojan

Malware Config

Targets

- Target
  
  562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824.exe
- Size
  
  1.2MB
- MD5
  
  4529c68eb1c7a905d1a2549b18671adf
- SHA1
  
  f4cccf934ee66a05e1d5cbe11778b896ee533e2b
- SHA256
  
  562b6f9799bf19a42aa840a2f7178cc11bce20110ade85cf354a57dd0b569824
- SHA512
  
  8149166e620c1ba49c5ab3571351c151ae6d1e08ac643ffc0f2ae3035bc6fe2cb23a77ce8f4faa56ae4b5b891a8ac9154c6a3b15082f8bc09f2f1d23676ae9df
Score

10^/10

banker trojan ursnif_rm3
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankertrojanursnif_rm3

behavioral2