ursnif | 2bd5a5a663b3a2818136ba7f1b3c431c50de70e70416b9bcdce3fee23ee3353e | Triage

Analysis

max time kernel
30s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
09-11-2020 20:18

Sharing

Report Analysis Logs

General

Target

d2cf37694cdb309cce804473c01072b8d1c3c1e9b82b41e432083f0d49299d2d.exe
Size

149KB
MD5

8a284bd4b467f47a0c7f32e9d5bb99ea
SHA1

5820c7e13bc3eaa8b54ee7ccd00d9bf8d7268e91
SHA256

2bd5a5a663b3a2818136ba7f1b3c431c50de70e70416b9bcdce3fee23ee3353e
SHA512

2782c3cfb036c17130be4e0070caf327f619251c7134122962b5b9a54e5c13d9e1e7a5a1a6df7fd0674e8c620ae9e0fcfed241ef8a1ec28a89665f402c78eeca

Score

10^/10

ursnif 3475 banker trojan

Malware Config

Extracted

Family

ursnif

Botnet

3475

C2

google.com

gmail.com

q982yeq23.xyz

t7763jykqeiy.com

hjruu.com

Attributes

dga_base_url
constitution.org/usdeclar.txt
dga_crc
1.320669898e+09
dga_season
10
dga_tlds
com

ru

org
dns_servers

rsa_pubkey.base64

serpent.plain

Signatures

Ursnif, Dreambot
Ursnif is a variant of the Gozi IFSB with more capabilities.
banker trojan ursnif

C:\Users\Admin\AppData\Local\Temp\d2cf37694cdb309cce804473c01072b8d1c3c1e9b82b41e432083f0d49299d2d.exe
"C:\Users\Admin\AppData\Local\Temp\d2cf37694cdb309cce804473c01072b8d1c3c1e9b82b41e432083f0d49299d2d.exe"
1⤵
PID:2036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2036-0-0x00000000001E0000-0x00000000001EE000-memory.dmp

Filesize
56KB

Download
memory/2036-1-0x00000000000A0000-0x00000000000AF000-memory.dmp

Filesize
60KB

Download