
2019-08-28 - File info from today's Ursnif infection

malware_traffic, Aug 28th, 2019 (edited)
SHA256 hash: 9fe49df961f49f18793c67f58d43d8d252f8e2a8d572bbf5fe2270f8669b21c4
File size: 42,542 bytes
File name: Thornburg_Enterprises.zip
File description: Password-protected zip archive attached to malspam - password: 777

SHA256 hash: d80f9e4e3c3d09037d74f18a8886683411c62ea5725a51b4b463302ecbb5ba8a
File size: 79,360 bytes
File name: info_08.28.doc
File description: Word doc (retrieved from above zip archive) with macro for Ursnif

SHA256 hash: 7f007343270f31fbf354658907c6abaeedd919af4a4988c6bc5b956e2e463102
File size: 1,778 bytes
File location: C:\Windows\Temp\STMjnzVHgrG.js
File description: JavaScript file generated by Word macro

SHA256 hash: 3e8eeb861fb46f829cf9608f25810573754f98329f5fc8cd259aa8bd6b6b892e
File size: 267,776 bytes
File location: hxxp://kicgfgxspfqq6d79[.]com/pwoxi444/vpvop.php
File location: C:\Windows\Temp\71.exe
File description: Initial Ursnif EXE retrieved by above JavaScript file

SHA256 hash: 55bf7880eef7d938d5c863cc7c8c2a81a4c6166135b85103c99248315be9ed75
File size: 706,560 bytes
File location: hxxp://thecellar[.]site/wp-content/uploads/2019/08/shirngnasd.rar (encoded/encrypted)
File location: C:\Users\[username]\AppData\Local\Temp\985848.exe
File description: Trickbot (gtag: leo8) retrieved by Ursnif-infected host (1 of 2)

SHA256 hash: 585116f13e90c2ef1f2654979d603d894a6f2f9541316fbdc2c3bed40182ff47
File size: 783,360 bytes
File location: hxxp://thecellar[.]site/wp-content/uploads/2019/08/shirngnasd.rar (same URL as above)
File location: C:\Users\[username]\AppData\Local\Temp\3088772.exe
File description: Trickbot (gtag: leo8) retrieved by Ursnif-infected host (2 of 2)