ursnif_rm3 | 0e5cda7dd0ed8c3ce20b1019f5895deb2b780039d4ed3e32cb7d383bf237ca33 | Triage

Sharing

General

Target

sorvpng
Size

599KB
Sample

201209-r4wscvn316
MD5

4b4b4f795f03dd4bd84759cf7da0eae9
SHA1

40b9fd52a1db33bac2a9ef12ddee3439d7e2d3f8
SHA256

0e5cda7dd0ed8c3ce20b1019f5895deb2b780039d4ed3e32cb7d383bf237ca33
SHA512

178a8065b7306cbd9e4586e0079e614f9131e5364aefa778af7d8974c839e36ea5419fd3f0362a9757a5fee97c4fc1363e32d1c3a30f11148ca1cb141ea14265

Score

10^/10

ursnif_rm3 banker trojan

Malware Config

Targets

- Target
  
  sorvpng
- Size
  
  599KB
- MD5
  
  4b4b4f795f03dd4bd84759cf7da0eae9
- SHA1
  
  40b9fd52a1db33bac2a9ef12ddee3439d7e2d3f8
- SHA256
  
  0e5cda7dd0ed8c3ce20b1019f5895deb2b780039d4ed3e32cb7d383bf237ca33
- SHA512
  
  178a8065b7306cbd9e4586e0079e614f9131e5364aefa778af7d8974c839e36ea5419fd3f0362a9757a5fee97c4fc1363e32d1c3a30f11148ca1cb141ea14265
Score

10^/10

ursnif_rm3 banker trojan
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ursnif_rm3bankertrojan

behavioral2