General
-
Target
c4a0ba1e7feb1823cf944c841c24bdb63032e8a862a9f6d15f335de248a549dd
-
Size
312KB
-
Sample
230222-jzvrysad49
-
MD5
c93e8fd74bc5be14e7385d41ee1cb85a
-
SHA1
27fc121b4920857c55723725b5d6b67633047b23
-
SHA256
c4a0ba1e7feb1823cf944c841c24bdb63032e8a862a9f6d15f335de248a549dd
-
SHA512
20fa83f0444267d79607e9f1481d49f50cacc2d1f3453755e9df52d15f0850818b2ecbaddf3dfde22c7d3f354785d61b379f9ce7b0ccfac905a7e47ded902b98
-
SSDEEP
6144:E4PWLN3m+XeeqeO0UQeQ8KbLVHqAQg5jIQsdEPn:6aeqeO0UQB8KFHqAYdEPn
Static task
static1
Behavioral task
behavioral1
Sample
c4a0ba1e7feb1823cf944c841c24bdb63032e8a862a9f6d15f335de248a549dd.exe
Resource
win10-20230220-en
Malware Config
Targets
-
-
Target
c4a0ba1e7feb1823cf944c841c24bdb63032e8a862a9f6d15f335de248a549dd
-
Size
312KB
-
MD5
c93e8fd74bc5be14e7385d41ee1cb85a
-
SHA1
27fc121b4920857c55723725b5d6b67633047b23
-
SHA256
c4a0ba1e7feb1823cf944c841c24bdb63032e8a862a9f6d15f335de248a549dd
-
SHA512
20fa83f0444267d79607e9f1481d49f50cacc2d1f3453755e9df52d15f0850818b2ecbaddf3dfde22c7d3f354785d61b379f9ce7b0ccfac905a7e47ded902b98
-
SSDEEP
6144:E4PWLN3m+XeeqeO0UQeQ8KbLVHqAQg5jIQsdEPn:6aeqeO0UQB8KFHqAYdEPn
Score 10/10
-
Detects PseudoManuscrypt payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
PseudoManuscrypt
PseudoManuscrypt is malware based on Lazarus's Manuscrypt, targeting government organizations and ICS.
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-