Some Russian campaign running over leaked email spreads different kind of malware. Today on Yahoo mail has come some fresh Ursnif with 0 detections. |
The domain used for my email was inactive and there was no file for download, but I found it somewhere else.
In the pictures below will find the research steps:
Was easy to find a sample of malware using the SHA256 (d6c0ca87f712c0633eab5ac020ceaad2e256cd3251808ce7c7b45faf4042123e) on Google.
The .zip file is detected and this may be an advantage for the users IF they are using the Antivirus that have on his database this sample… but this is another discussion…
At this moment the VirusTotal says 18/57.. so is going to be better in a few hours.
Now.. extracting them one by one we have a
I will not explain the whole process at this time but the way to do that you will find it on the recent post I’ve made: