ursnif | 2b6fcb1b4cfb00114d2a79ae86e3406585df4ae8616e3d235c987a5100ae0ded | Triage

Sharing

General

Target

100000.dll
Size

50KB
Sample

200811-s4l1b8lh5s
MD5

15c83c1ea197eb1889921fc281bf10c3
SHA1

ef95a71fdca5820529d3dcb986ef1170e2a9fdd1
SHA256

2b6fcb1b4cfb00114d2a79ae86e3406585df4ae8616e3d235c987a5100ae0ded
SHA512

4ab0c1075246a9cb188d1e1c932df1c2b12f30032d1f6159a93bba0abea2714975916c57549a1fb2c90597c53420c09855626cbb27551364d49ef68fadd9e43e

Score

10^/10

ursnif 4779 banker trojan

Malware Config

Extracted

Family

ursnif

Botnet

4779

C2

37.10.71.42

loaidifds.club

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  100000.dll
- Size
  
  50KB
- MD5
  
  15c83c1ea197eb1889921fc281bf10c3
- SHA1
  
  ef95a71fdca5820529d3dcb986ef1170e2a9fdd1
- SHA256
  
  2b6fcb1b4cfb00114d2a79ae86e3406585df4ae8616e3d235c987a5100ae0ded
- SHA512
  
  4ab0c1075246a9cb188d1e1c932df1c2b12f30032d1f6159a93bba0abea2714975916c57549a1fb2c90597c53420c09855626cbb27551364d49ef68fadd9e43e
Score

10^/10

banker trojan ursnif
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bankertrojanursnif

behavioral2

bankertrojanursnif