General
- Target: ursnif.bin
- Size: 332KB
- Sample: 221225-lqbntsee3v
- MD5: a03b2c0e5af189c08c70a6532ab48300
- SHA1: b4d68c7f0bc9a592f500de86e0125dd1e2a36089
- SHA256: 112b84b09d2051376879f697f03190240132b87bbac0d069175bd3039d492f56
- SHA512: c77f652b8300763e9ebd5c93b85bfd5c8ef904c03f0ecc1fac9128fea211058980402ca511d71fa07d95fedb74abc8658a1bfc636f749c2022e64e96d427f3a7
- SSDEEP: 6144:4i7CLqelbeSO8XNHlreeOxeZ61hJFIJfVAVrwU+:jGGWbRNHlKel6PHgtyQ
Static task: static1
Behavioral task: behavioral1
- Sample: ursnif.exe
- Resource: win7-20221111-en
Malware Config
Extracted: gozi
Extracted: gozi
3000
trackingg-protectioon.cdn4.mozilla.net
185.189.151.38
31.214.157.31
protectioon.cdn4.mozilla.net
9185.212.47.59
194.76.224.95
194.76.227.159
91.241.93.111
- base_path: /fonts/
- build: 250249
- exe_type: loader
- extension: .bak
- server_id: 50
Extracted: gozi
3000
protectioon.cdn4.mozilla.net
194.76.224.95
194.76.227.159
91.241.93.111
31.214.157.31
9185.212.47.59
trackingg-protectioon.cdn4.mozilla.net
185.189.151.38
- base_path: /fonts/
- build: 250249
- exe_type: worker
- extension: .bak
- server_id: 50
Targets
- Target: ursnif.bin
- Size: 332KB
- MD5: a03b2c0e5af189c08c70a6532ab48300
- SHA1: b4d68c7f0bc9a592f500de86e0125dd1e2a36089
- SHA256: 112b84b09d2051376879f697f03190240132b87bbac0d069175bd3039d492f56
- SHA512: c77f652b8300763e9ebd5c93b85bfd5c8ef904c03f0ecc1fac9128fea211058980402ca511d71fa07d95fedb74abc8658a1bfc636f749c2022e64e96d427f3a7
- SSDEEP: 6144:4i7CLqelbeSO8XNHlreeOxeZ61hJFIJfVAVrwU+:jGGWbRNHlKel6PHgtyQ
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext