ursnif | 4f61fcafad37cc40632ad85e4f8aa503d63700761e49db19c122bffa7084e4ec | Triage

Submit
Reports

Overview

overview

Static

static

y.rb.dll

windows7_x64

1

y.rb.dll

windows10_x64

Sharing

General

Target

y.rb
Size

421KB
Sample

201109-4242dbbpwn
MD5

838c6c76b5f43793ba6a966ff3cfe1bf
SHA1

e3e98f6f780c54a86af046a8612b984dbbe16a24
SHA256

4f61fcafad37cc40632ad85e4f8aa503d63700761e49db19c122bffa7084e4ec
SHA512

cc09c8b79f082046341adc5142ac9c22eea8ef3941d703b3f03a9a3cedf59920eeebfe83d89a6ee8e074ec7168156208b461a18f66c5ceb80b6d6def36eab6be

Score

10^/10

ursnif banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

y.rb.dll

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

y.rb.dll

Resource

win10v20201028

ursnif banker trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  y.rb
- Size
  
  421KB
- MD5
  
  838c6c76b5f43793ba6a966ff3cfe1bf
- SHA1
  
  e3e98f6f780c54a86af046a8612b984dbbe16a24
- SHA256
  
  4f61fcafad37cc40632ad85e4f8aa503d63700761e49db19c122bffa7084e4ec
- SHA512
  
  cc09c8b79f082046341adc5142ac9c22eea8ef3941d703b3f03a9a3cedf59920eeebfe83d89a6ee8e074ec7168156208b461a18f66c5ceb80b6d6def36eab6be
Score

10^/10

ursnif banker trojan
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

ursnifbankertrojan

© 2018-2024

Terms | Privacy