Trojan.Spy.Ursnif is a Trojan malware designed to steal information and compromise the infected system. The Trojan is known to take snapshots of running processes and latch on to the browser. All major browsers, from Chrome and Firefox to Opera and Safari, are affected by this Trojan. It connects to a remote server under different host names. The request it sends to the remote server is given below:
GET /cgi-bin/cmd.cgi?user_id=2806922672&version_id=2037028&passphrase=fkjvhsdvlksdhvlsd&socks=0&version=2037028&crc=00000000 HTTP/1.1
The Trojan modifies registry entries so that it is executed every time the system is switched on. It also adds an exception to the Windows Firewall settings to ensure that it is not blocked. It then downloads an encrypted buffer into memory containing the names of bank websites, which it uses to steal account information and passwords.
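As an added example (not part of the original description), the following Python routine scans constructed proxy log lines for the check-in request shown above, matching on the cmd.cgi path together with its full parameter set, and groups the contacted hosts by bot id so that a single bot rotating through host names stands out. The host names, timestamps and client addresses in the sample log are placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Path and query parameters of the check-in request shown on this page.
CHECKIN_PATH = "/cgi-bin/cmd.cgi"
CHECKIN_PARAMS = {"user_id", "version_id", "passphrase", "socks", "version", "crc"}

def parse_log_line(line):
    """Split a proxy log line of the constructed form 'timestamp client method url'."""
    ts, client, method, url = line.split(" ", 3)
    return {"ts": ts, "client": client, "method": method, "url": url}

def is_ursnif_checkin(url):
    """True when the URL has the cmd.cgi path and the complete check-in parameter set."""
    parts = urlsplit(url)
    if parts.path != CHECKIN_PATH:
        return False
    return CHECKIN_PARAMS.issubset(parse_qs(parts.query))

def find_checkins(lines):
    """Return one record per matching GET: which client beaconed, to which host, with which bot id."""
    hits = []
    for line in lines:
        rec = parse_log_line(line)
        if rec["method"] != "GET" or not is_ursnif_checkin(rec["url"]):
            continue
        parts = urlsplit(rec["url"])
        qs = parse_qs(parts.query)
        hits.append({"ts": rec["ts"], "client": rec["client"], "host": parts.hostname,
                     "user_id": qs["user_id"][0], "version": qs["version"][0]})
    return hits

def hosts_by_bot(hits):
    """Group contacted hosts by bot id; one id on several hosts reflects the rotating host names."""
    groups = {}
    for h in hits:
        groups.setdefault(h["user_id"], set()).add(h["host"])
    return {bot: sorted(hosts) for bot, hosts in groups.items()}

# Constructed sample log: two check-ins from one bot to different placeholder hosts,
# a benign request to a same-named path, and an unrelated POST.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://c2-a.example.invalid/cgi-bin/cmd.cgi?user_id=2806922672&version_id=2037028&passphrase=fkjvhsdvlksdhvlsd&socks=0&version=2037028&crc=00000000",
    "2024-01-01T10:00:05Z 10.0.0.5 GET http://www.example.com/cgi-bin/cmd.cgi?action=list",
    "2024-01-01T10:05:00Z 10.0.0.5 GET http://c2-b.example.invalid/cgi-bin/cmd.cgi?user_id=2806922672&version_id=2037028&passphrase=fkjvhsdvlksdhvlsd&socks=0&version=2037028&crc=00000000",
    "2024-01-01T10:06:00Z 10.0.0.7 POST http://www.example.com/login",
]

if __name__ == "__main__":
    for bot, hosts in hosts_by_bot(find_checkins(SAMPLE_LOG)).items():
        print(f"bot {bot} contacted {len(hosts)} host(s): {', '.join(hosts)}")
```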