ursnif_rm3 | 9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0 | Triage

Resubmissions

11-01-2021 03:44

210111-v8hz9lm7zs 10

29-11-2020 15:49

201129-sp88h75zyn 10

Sharing

General

Target

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
Size

132KB
Sample

210111-v8hz9lm7zs
MD5

b0f3a46adf98efb3a9ac7cead9b4fc5a
SHA1

01b0ece80907f2d9e500ada1cd2d555b782dd3a2
SHA256

9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
SHA512

22076388da1305e1a9b7ad3257fde95b81118983c95b0025b3a4c848b6703257dbaeaad3da10dab7e66c18fdb7bc015dbf08f20ad0f37543f40e5b448779b6be

Score

10^/10

ursnif_rm3 banker trojan

Malware Config

Targets

- Target
  
  9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
- Size
  
  132KB
- MD5
  
  b0f3a46adf98efb3a9ac7cead9b4fc5a
- SHA1
  
  01b0ece80907f2d9e500ada1cd2d555b782dd3a2
- SHA256
  
  9e0cfd00991a3d387a78770a7748418b4d0ab978717f84a399d766b19a971df0
- SHA512
  
  22076388da1305e1a9b7ad3257fde95b81118983c95b0025b3a4c848b6703257dbaeaad3da10dab7e66c18fdb7bc015dbf08f20ad0f37543f40e5b448779b6be
Score

10^/10

ursnif_rm3 banker trojan
- Ursnif RM3
  A heavily modified version of Ursnif discovered in the wild.
  banker trojan ursnif_rm3
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

ursnif_rm3bankertrojan

behavioral2