Medium
A new malspam campaign is targeting multiple industries across Italy with attachments that ultimately deliver the URSNIF malware. The variant used against Italian organizations contains some important “upgrades” compared with other samples of the Ursnif malware family, and its attack chain has evolved significantly. First, the dropper uses Excel 4.0 macros (XLM macros) in an attempt to make detection by AV products harder. Second, it uses two different C2 servers, one of which is used only to register the victim machine, which is identified by a UUID.
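Because the dropper relies on Excel 4.0 (XLM) macro sheets, one triage check is to list a workbook's sheets and flag any macro sheet, especially a hidden one. The following is an added example, not code from the original report; it assumes the attachment is a legacy BIFF8 `.xls` whose Workbook stream has already been extracted from the OLE container, and the sample bytes are constructed for illustration.

```python
import struct

BOUNDSHEET = 0x0085  # BIFF8 record describing one sheet of the workbook
SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro", 0x02: "chart", 0x06: "vba_module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very_hidden"}

def iter_records(stream):
    """Yield (type, body) for each BIFF record; stop on a truncated record."""
    pos = 0
    while pos + 4 <= len(stream):
        rec_type, size = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + size]
        if len(body) < size:
            break
        yield rec_type, body
        pos += 4 + size

def list_sheets(stream):
    """Return name, type and visibility for every BOUNDSHEET record."""
    sheets = []
    for rec_type, body in iter_records(stream):
        if rec_type != BOUNDSHEET or len(body) < 8:
            continue
        _pos, state, kind, cch, flags = struct.unpack_from("<IBBBB", body)
        raw = body[8:]
        # Bit 0 of the flags byte selects UTF-16LE over 8-bit characters.
        name = (raw[:cch * 2].decode("utf-16-le", "replace") if flags & 1
                else raw[:cch].decode("latin-1"))
        sheets.append({"name": name,
                       "type": SHEET_TYPES.get(kind, hex(kind)),
                       "visibility": VISIBILITY.get(state & 3, "unknown")})
    return sheets

def xlm_findings(stream):
    """Sheets of type Excel 4.0 macro; hidden ones deserve the closest look."""
    return [s for s in list_sheets(stream) if s["type"] == "xlm_macro"]

# Constructed sample: BOF, one visible worksheet, one very hidden macro sheet, EOF.
def _rec(rec_type, body=b""):
    return struct.pack("<HH", rec_type, len(body)) + body

def _sheet(name, state, kind):
    return _rec(BOUNDSHEET, struct.pack("<IBBBB", 0, state, kind, len(name), 0)
                + name.encode("latin-1"))

SAMPLE = (_rec(0x0809, b"\x00\x06\x05\x00" + b"\x00" * 12)
          + _sheet("Sheet1", 0, 0x00) + _sheet("Macro1", 2, 0x01) + _rec(0x000A))
```

Calling `xlm_findings(SAMPLE)` returns the single very hidden macro sheet; on a real file, pass the bytes of the `Workbook` stream instead of `SAMPLE`.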
MD5
SHA-256
SHA1
URL