ursnif_rm3 | ae87b82d817d363b159e072be2e2017dfe0bcf7fd3bc6a7c9dee0ff885eefc5f | Triage

Submit
Reports

Overview

overview

Static

static

Information.xlsb

windows7_x64

Information.xlsb

windows10_x64

Sharing

General

Target

Information.xlsb
Size

20KB
Sample

201113-72m4k28fbs
MD5

4dddb0320eac6050d6360c92c104d05c
SHA1

816db7af62de3dc200b88357a5341c6ce184cc93
SHA256

ae87b82d817d363b159e072be2e2017dfe0bcf7fd3bc6a7c9dee0ff885eefc5f
SHA512

b177b5faa839aeead6c9c732b0182b928903dd34e02d968b95cd93b2f3f01c3b72043c9dafcb6a96a9d1eeb67e4e12abaf537f7ac32b3d166d7f82914844881d

Score

10^/10

ursnif_rm3 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

Information.xlsb

Resource

win7v20201028

ursnif_rm3 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Information.xlsb

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Information.xlsb
- Size
  
  20KB
- MD5
  
  4dddb0320eac6050d6360c92c104d05c
- SHA1
  
  816db7af62de3dc200b88357a5341c6ce184cc93
- SHA256
  
  ae87b82d817d363b159e072be2e2017dfe0bcf7fd3bc6a7c9dee0ff885eefc5f
- SHA512
  
  b177b5faa839aeead6c9c732b0182b928903dd34e02d968b95cd93b2f3f01c3b72043c9dafcb6a96a9d1eeb67e4e12abaf537f7ac32b3d166d7f82914844881d
Score

10^/10

ursnif_rm3 banker trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ursnif_rm3bankertrojan

behavioral2

© 2018-2024

Terms | Privacy