Behavioral task
behavioral1
Sample
ursnif.dll
Resource
win7-en-20210920
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
ursnif.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
Target
ursnif.dll
Size
284KB
MD5
32ca92979650828c99c30f9303c873b2
SHA1
14155816258aa5bd1f9b7953267d1ca7a685d7af
SHA256
b88ffcfd41d4acefa644335a9a72a8899c4a2f05f12b2d78bd792045441e5ae4
SHA512
8410ef72170dc3fb1cac0c72bff99d8b297a2bd3f5d5c772ceafd9933e6933a60fd973e957300489109975621cfec24f60b83b781f0551091f3373272ff5a259
Malware Config
Extracted
Family
gozi_ifsb
Botnet
8899
C2
Attributes
dga_season
10
dns_servers
107.174.86.134
107.175.127.22
exe_type
worker
server_id
12
rsa_pubkey.plain
serpent.plain
Signatures
Gozi_ifsb family
Files
ursnif.dll.dll windows x64