ursnif_rm3 | 790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c | Triage

Sharing

General

Target

ox9.dll
Size

233KB
Sample

201223-52rtl7qalx
MD5

68cf96f4bc91628e22e1526d9728990b
SHA1

a1e1063ec8c3667e86e1afab81cb6bbea84485b3
SHA256

790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c
SHA512

ca6bb734df8bf35a2f3346ff5ad954ecc058a719b0eabf90d8c323b80ed6b8659cef5b5f51f65b149c48435bc396920549a72471b0cde1d70a02bf59dbf37b24

Score

10^/10

ursnif_rm3 banker trojan

Malware Config

Targets

- Target
  
  ox9.dll
- Size
  
  233KB
- MD5
  
  68cf96f4bc91628e22e1526d9728990b
- SHA1
  
  a1e1063ec8c3667e86e1afab81cb6bbea84485b3
- SHA256
  
  790191b70550856b3e8ec108fdb82cd8d852822d6716ec865f21cfb5ad160b7c
- SHA512
  
  ca6bb734df8bf35a2f3346ff5ad954ecc058a719b0eabf90d8c323b80ed6b8659cef5b5f51f65b149c48435bc396920549a72471b0cde1d70a02bf59dbf37b24
Score

10^/10

ursnif_rm3 banker trojan
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ursnif_rm3bankertrojan

behavioral2