ursnif_rm3 | 648a561dce7339c481ee358a6b72a71ad76a5f51362b501a3e385b2b69ff7d8e | Triage

Sharing

General

Target

648a561dce7339c481ee358a6b72a71ad76a5f51362b501a3e385b2b69ff7d8e
Size

460KB
Sample

200604-48mlkyahhn
MD5

06a9c78510edcd2d4157d65274083a59
SHA1

a21bd8d57c47ad2a451de5100809569e295d0c67
SHA256

648a561dce7339c481ee358a6b72a71ad76a5f51362b501a3e385b2b69ff7d8e
SHA512

c320513ba00c3d3a9991201a57ec2bcbd0f59ea5b2b95003f00d56888b013e1dc4a081e82fe5ee58719b4c50d85640f98848742f0345f2cd264580cbf5fa8546

Score

10^/10

ursnif_rm3 banker trojan

Malware Config

Targets

- Target
  
  648a561dce7339c481ee358a6b72a71ad76a5f51362b501a3e385b2b69ff7d8e
- Size
  
  460KB
- MD5
  
  06a9c78510edcd2d4157d65274083a59
- SHA1
  
  a21bd8d57c47ad2a451de5100809569e295d0c67
- SHA256
  
  648a561dce7339c481ee358a6b72a71ad76a5f51362b501a3e385b2b69ff7d8e
- SHA512
  
  c320513ba00c3d3a9991201a57ec2bcbd0f59ea5b2b95003f00d56888b013e1dc4a081e82fe5ee58719b4c50d85640f98848742f0345f2cd264580cbf5fa8546
Score

10^/10

banker trojan ursnif_rm3
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bankertrojanursnif_rm3

behavioral2