Overview

overview

10

Static

static

5e320cafb3...a6.dll

windows7_x64

8

5e320cafb3...a6.dll

windows10_x64

10

Resubmissions

23-08-2021 18:19

210823-zsnm2vq9pj 10

24-12-2020 08:17

201224-d3h89dhrs2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06369d24c347761e4c618f4759c0de01.zip

  • Size

    118KB

  • Sample

    201224-d3h89dhrs2

  • MD5

    fb31b6d4fde820eea2877612ad71caf3

  • SHA1

    a08d51b9722765693cb57125be858c12142a511c

  • SHA256

    decc5373395af97614b932bb9bd99d8febd84cfd8ca09cc7d765f187c9253907

  • SHA512

    06d858df58de31f3f203cbd1b485e13c99ebcde6542978e1c76eb07c5c213237e42e5b891b65354885e0d502f7b98a4532cbc2eb3f15dd36065979585f344e77

Score
10/10
ursnifbankertrojan

Malware Config

Targets

    • Target

      5e320cafb35de3e8f8c8c5878fe399143eda3b5a8b2076171754c97f350135a6

    • Size

      619KB

    • MD5

      06369d24c347761e4c618f4759c0de01

    • SHA1

      b76ab3c1e5a5fbe177030fd6e4a2c082c2f43264

    • SHA256

      5e320cafb35de3e8f8c8c5878fe399143eda3b5a8b2076171754c97f350135a6

    • SHA512

      c2efe5c5d999961a345a06d49361e5fb7cfa6f8ca13ec1d919279c99fa8863394157b2f6c9695922fc172d5322157360549f1a048fff648f2cab9d7fe7436547

    Score
    10/10
    ursnifbankertrojan

    • Ursnif, Dreambot

      Ursnif is a variant of the Gozi IFSB with more capabilities.

      bankertrojanursnif

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks