Overview

overview

10

Static

static

5e7740afdd...57.exe

windows7_x64

10

5e7740afdd...57.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e54a89fc59683cee86de964ec475dea9fc5618b.zip.zip

  • Size

    135KB

  • Sample

    201218-4wka233k46

  • MD5

    d8af67525255e67d1d0756db78b94a27

  • SHA1

    bb3329bc701c3e189f9093e230a569e85fca22c2

  • SHA256

    5d3a9e1174f1e86b5511dbdd77f164e064e95be04d3b391b3c0538882c05db85

  • SHA512

    e5c9f76d1818a2ecb4a8766a1999e86e616d0ea3c3d39897446a8a35406b92d5ab3c20691c5db0ed9df4e56bd7a61cce10b8c66cbe7d0940f0443c910f2458be

Score
10/10
ursnif3400bankertrojan

Malware Config

Extracted

Family

ursnif

Botnet

3400

C2

microsoft.com

update.microsoft.com

avast.com

tm90daron.club

jamericohermann.com

b9437ariane.com
rsa_pubkey.base64
serpent.plain

Targets

    • Target

      5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57

    • Size

      208KB

    • MD5

      35e3868c7d28d2ed87248077f670c707

    • SHA1

      8e54a89fc59683cee86de964ec475dea9fc5618b

    • SHA256

      5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57

    • SHA512

      c8bbf7d192aff6c45005700014a22ea72832febc73b16ae925b339a356815b27bea3252917a9aa94e48fc05377b85bd1206f33c7e46fb17bdf325aff7ef40e37

    Score
    10/10
    ursnif3400bankertrojan

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks