Analysis

  • max time kernel
    31s
  • max time network
    11s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    09-11-2020 20:18

General

  • Target

    a8a24bfdf5de4000030be38cc90e3e24e9f215e87a351b6d80825bd9781fe23a.exe

  • Size

    149KB

  • MD5

    6ceb3ccf75e4da807c3e145335777ab0

  • SHA1

    4f1fda8c8279acb1daf629a790ea26d363e0317b

  • SHA256

    a7ccb16be21a4545df6e4edc1574b36a3c209fe040243bd70aec35b031a4e9ac

  • SHA512

    6e92841bb34da468c592586fc15e38d72277089923d7fa0a7cd8d54210245277366fb8ccfd4fdd16310d87969d7276be7ffa2218a3a45cc58f4ad4b9fb71d831

Malware Config

Extracted

Family

ursnif

Botnet

3475

C2

google.com

gmail.com

q982yeq23.xyz

t7763jykqeiy.com

hjruu.com

Attributes
  • dga_base_url

    constitution.org/usdeclar.txt

  • dga_crc

    1.320669898e+09

  • dga_season

    10

  • dga_tlds

    com

    ru

    org

  • dns_servers

rsa_pubkey.base64
serpent.plain

Signatures

  • Ursnif, Dreambot

    Ursnif is a variant of the Gozi IFSB with more capabilities.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8a24bfdf5de4000030be38cc90e3e24e9f215e87a351b6d80825bd9781fe23a.exe
    "C:\Users\Admin\AppData\Local\Temp\a8a24bfdf5de4000030be38cc90e3e24e9f215e87a351b6d80825bd9781fe23a.exe"
    1⤵
      PID:1732

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1732-0-0x0000000000870000-0x000000000087E000-memory.dmp

      Filesize

      56KB

    • memory/1732-1-0x0000000000110000-0x000000000011F000-memory.dmp

      Filesize

      60KB