ursnif | 5d3a9e1174f1e86b5511dbdd77f164e064e95be04d3b391b3c0538882c05db85 | Triage

Sharing

General

Target

8e54a89fc59683cee86de964ec475dea9fc5618b.zip.zip
Size

135KB
Sample

201218-4wka233k46
MD5

d8af67525255e67d1d0756db78b94a27
SHA1

bb3329bc701c3e189f9093e230a569e85fca22c2
SHA256

5d3a9e1174f1e86b5511dbdd77f164e064e95be04d3b391b3c0538882c05db85
SHA512

e5c9f76d1818a2ecb4a8766a1999e86e616d0ea3c3d39897446a8a35406b92d5ab3c20691c5db0ed9df4e56bd7a61cce10b8c66cbe7d0940f0443c910f2458be

Score

10^/10

ursnif 3400 banker trojan

Malware Config

Extracted

Family

ursnif

Botnet

3400

C2

microsoft.com

update.microsoft.com

avast.com

tm90daron.club

jamericohermann.com

b9437ariane.com

rsa_pubkey.base64

serpent.plain

Targets

- Target
  
  5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
- Size
  
  208KB
- MD5
  
  35e3868c7d28d2ed87248077f670c707
- SHA1
  
  8e54a89fc59683cee86de964ec475dea9fc5618b
- SHA256
  
  5e7740afdd5c5865a2304e2f7c5fc3f1cd1016f503a4b1752923f44059fd1a57
- SHA512
  
  c8bbf7d192aff6c45005700014a22ea72832febc73b16ae925b339a356815b27bea3252917a9aa94e48fc05377b85bd1206f33c7e46fb17bdf325aff7ef40e37
Score

10^/10

ursnif 3400 banker trojan
- Ursnif, Dreambot
  Ursnif is a variant of the Gozi IFSB with more capabilities.
  banker trojan ursnif
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

ursnif3400bankertrojan

behavioral2

ursnif3400bankertrojan