ursnif_rm3 | 0801cec2da6b5bcfd697280ef7532c9b5dfbf67ffe3c5bdf32fd73efb51b9d22 | Triage

Sharing

General

Target

337sase.exe
Size

332KB
Sample

200713-lcbd2tvs1n
MD5

bec36d5a334ee861e20fcb663dc024ec
SHA1

497d5939f024732546d6c981d04c1a85fb0b4312
SHA256

0801cec2da6b5bcfd697280ef7532c9b5dfbf67ffe3c5bdf32fd73efb51b9d22
SHA512

b65c6fd58cda06cb532b4fa8a60e4aee15c3a2544be57139c59d0234abd5f83a489b9a5fbe8278ec0bca28aac2021f4b00e0fc17192998726c87026d853a8a5f

Score

10^/10

ursnif_rm3 banker evasion spyware trojan

Malware Config

Targets

- Target
  
  337sase.exe
- Size
  
  332KB
- MD5
  
  bec36d5a334ee861e20fcb663dc024ec
- SHA1
  
  497d5939f024732546d6c981d04c1a85fb0b4312
- SHA256
  
  0801cec2da6b5bcfd697280ef7532c9b5dfbf67ffe3c5bdf32fd73efb51b9d22
- SHA512
  
  b65c6fd58cda06cb532b4fa8a60e4aee15c3a2544be57139c59d0234abd5f83a489b9a5fbe8278ec0bca28aac2021f4b00e0fc17192998726c87026d853a8a5f
Score

10^/10

banker trojan ursnif_rm3 evasion spyware
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
- Modifies system certificate store
  evasion spyware trojan
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bankertrojanursnif_rm3evasionspyware

behavioral2