Having fun with an Ursnif VBS dropper
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Control Panel - T1218.002 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Rundll32 - T1218.011 Visual Basic - T1059.005 Tool - T1588.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 0014986f-6050-49b6-91bd-28923391a5ca |
| Fingerprint | b88bb0138e25a3b8 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Nov. 27, 2020, 6:50 p.m. |
| Added to db | Aug. 13, 2023, 1:58 a.m. |
| Last updated | Oct. 27, 2024, 11:13 p.m. |
| Headline | Robert Giczewski |
| Title | Having fun with an Ursnif VBS dropper |
| Detected Hints/Tags/Attributes | 27/2/14 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 157 | ✔ | First world cyber problems | https://malware.love/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 12 | malware.love |
|
| Details | Domain | 57 | adobe.com |
|
| Details | Domain | 1 | monica.zip |
|
| Details | File | 1 | apsyyn8rw2xf.vbs |
|
| Details | File | 1 | %userprofile%\downloads\614500741.txt |
|
| Details | File | 1 | %temp%\microsoft.url |
|
| Details | File | 1 | %temp%\adobe.url |
|
| Details | File | 1 | %temp%\monica.zip |
|
| Details | File | 1 | monica.zip |
|
| Details | File | 1 | accouter.dxf |
|
| Details | File | 1 | inhibitory.tif |
|
| Details | sha256 | 1 | fd490c7b728af08052cf4876c1fc8c6e290bde368b6343492d60fc9d8364a7e5 |
|
| Details | Url | 5 | https://adobe.com |
|
| Details | Windows Registry Key | 20 | HKEY_CURRENT_USER\Control |