Autonomous SOC Platform
Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using Brexit as a topical lure to attract potential phishing candidates, with emails mentioning Brexit in the subject line linking to a google document that downloads the malware file.
On Twitter a user by the name of craT0x (@justmlwhunting) published the payload of this malware sample. We took the payload from the researcher’s tweet and performed an analysis on our Genetic Malware Analysis tool, Intezer Analyze, to see if we could confirm that the payload shares code with previously seen Ursnif samples.
Thank you for sharing!
This is the payload:https://t.co/OzXJATVzfy#ursnif
— craT0x (@justmlwhunting) December 11, 2018
Intezer Analyze detected the payload as malicious and classified it as a member of the Ursnif malware family. As you can see below, the payload shares 22 genes and 12 strings with previous Ursnif samples.
https://analyze.intezer.com/#/analyses/d2f9c2bb-9106-462c-8f60-9923b7870f38
Identifying patterns in code reuse is an effective way to accurately detect and classify malware. Try Intezer Analyze today. Users of the free community edition can upload up to 10 files per day to identify code reuse to trusted and malicious software and gain insights about malware families and threat actors.
Count on Intezer’s Autonomous SOC solution to handle the security operations grunt work.
Recommended Articles
-
.NET Malware 101: Analyzing the .NET Executable File Structure
Welcome to our deep dive into the world of .NET malware reverse engineering. As... 13 March 2024 -
FBI Takedown: IPStorm Botnet Infrastructure Dismantled
UPDATE NOVEMBER 2023: IPStorm Infrastructure Dismantled by FBI The FBI today revealed US law... 14 November 2023 -
Malware Reverse Engineering – Unraveling the Secrets of Encryption in Malware
Encryption is everywhere in our lives. You might not notice it, but you use... 7 August 2023
