Resubmissions

23-01-2024 11:22

240123-ng2j1ahgel 10

26-06-2020 17:36

200626-xs19z3xc5a 10

General

  • Target

    SecuriteInfo.com.BScope.TrojanSpy.Ursnif.27559

  • Size

    426KB

  • Sample

    200626-xs19z3xc5a

  • MD5

    95d3b622d696c1a31dbef624a2e47163

  • SHA1

    8a1c5a4f794af421e7b54471ed7f4a62212721a0

  • SHA256

    f84e08a4d83f63cb37f7117f401c242ecbd3ebbd6b7a12fb99332bcf5950f803

  • SHA512

    c3ac8a246e7d769faa21f330c5c0a0fef4c4e33a6875478e43ee891f367e90fee3ea657b08ba338f6263e38b17efe69b7c5c1c86167afc871b9a20f251fd67d1

Malware Config

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Modifies service

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks