General

  • Target

    ursnif_23032021.dll

  • Size

    60KB

  • Sample

    210423-waeth1aljj

  • MD5

    fd52ace064492971c79ae679d1326aef

  • SHA1

    b8fb62eaf0415586a1949863c1981d543199179b

  • SHA256

    d160a82b9eb5124d9a5da6ded92f40635464cbcdf357feb471a7e87fc56a8339

  • SHA512

    1249c6d8f72e45631d47bf27489761963bd2148e0c0ec1743973bbf386268cd2a9be65bc8fa6d1d9a38ada8b35e8e78f6f02a0780af12d50c461ddeec12ca10b

Malware Config

Extracted

  • Family

    gozi_rm3

  • Botnet

    210307

  • C2

    https://thetopdomain.xyz

Attributes

  • build

    300960

  • exe_type

    loader

  • non_target_locale

    RU

  • server_id

    12

  • url_path

    index.htm

rsa_pubkey.plain
serpent.plain


MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: Modify Registry (T1112), 1

Tasks