Resubmissions

18-03-2021 22:02

210318-wg14eesjje 10

13-11-2020 10:22

201113-ycmfkdqrdn 10

General

  • Target: be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
  • Size: 136KB
  • Sample: 201113-ycmfkdqrdn
  • MD5: fe590fd117449bce4bfad57d36bfc099
  • SHA1: a5c3d7738ebc1f1ce8353e135b8dcea17155077b
  • SHA256: be294b6faca17e762d1722ea1e447a3ad3a57b4c110cfe8ff515e3d2047c5ad2
  • SHA512: f8e39f1e83dd666fff67161864c75057a0f6b4ad1692f0013f0aef47d69ed350662f0784555a72fcdb34bb5937371c7d75010639d5ae31c32d7383ee10a6605b

Malware Config

Targets


    • Ursnif RM3: A heavily modified version of Ursnif discovered in the wild.
    • Blacklisted process makes network request
    • Deletes itself
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks