ursnif_rm3 | 867ba4a56a4f26230020eb93794d28c1aae9023882f63ad61101f7bf6acd13a1 | Triage

Submit
Reports

Overview

overview

Static

static

run.bat

windows7_x64

run.bat

windows10_x64

1

Sharing

General

Target

run.zip
Size

91KB
Sample

201113-j8b5kl3jrx
MD5

580df8b4418644f9ac13cd5e62f6928e
SHA1

5306b57ce8f5d2a3cfd362cc3862d3e8930b758e
SHA256

867ba4a56a4f26230020eb93794d28c1aae9023882f63ad61101f7bf6acd13a1
SHA512

a25a1f25e2717a0d87fddf8d89d6c47abc12e10650a636bebd7855bc417b4cc050c2adefe945893ea81c94d51f9cd7939c3308860e83a631976d099ae68ebc6e

Score

10^/10

ursnif_rm3 banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

run.bat

Resource

win7v20201028

ursnif_rm3 banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

run.bat

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  run.bat
- Size
  
  32B
- MD5
  
  620730fa5833ca62711e01172f9767c4
- SHA1
  
  402d21e79fb264be16ed69f6d07d9e35bdd8fb91
- SHA256
  
  5e6b3126b585d6cbc03f0f2f03487cbf48519476407064a61ec0652cfc4172ea
- SHA512
  
  62c8dc846c1c18bbac254b4c48d84627646fe81bf68b7c69a8fe694706cdad3632558f7db11abbb6fd67f26c30f0fb32819374b02b3cb1d49ab455cd99d7f0de
Score

10^/10

ursnif_rm3 banker trojan
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ursnif_rm3bankertrojan

behavioral2

© 2018-2025

Terms | Privacy