Technical Analysis by Malware Hunter JAMESWT
MISE is still being used by cybercrime to spread Ursnif / Gozi in Italy. Each email has a link to a zip containing a different Word file. The document contacts a single link (which changes in each document) and downloads the malware, which in turn initiates the infection. There is also a variant without the zip.
A fake email from the Ministry of Economic Development (MISE) carries Ursnif / Gozi in Italy. The bait is a communication about economic benefits for companies in connection with the Covid-19 emergency.
The email links to a compressed zip file that contains a document file (both differ in each message).
When the document is opened, it connects to a link (which varies in each document) and downloads the malware, which initiates the infection.
Moreover, the cybercrime attack is clearly aimed at our country. The links serve the DLL only if contacted from Italian IPs. Additionally, the DLL can be downloaded only once. Finally, an IP that has already downloaded the DLL in the past is automatically blocked. There is also a variation on this new campaign, which attaches the document file directly to the email without first compressing it.
Ursnif / Gozi is a banking Trojan capable of intercepting network traffic, stealing credentials and downloading other malware.