pseudomanuscrypt | 6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c
Size

644KB
Sample

230228-zkme2adb37
MD5

a00c734d7a5312cdf8ed6c75ef68941b
SHA1

28bf3699687c087f6e79e83bb3a661ab77a22f63
SHA256

6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c
SHA512

95b47173d13c9eea61dd467b2b14faf7b02e34f6158410119d996f307d792bd609508e770cdc163452955db17d55f58c2aabe3bf8c082b4862c15a223450a29b
SSDEEP

12288:e1LkAWcOiaZmqFdbdu/gm3kmzQ8MLyX9SSquGyb4VXq1OVe:e1wAWcObTwVzBM2NSSBGk4V7e

Score

10^/10

pseudomanuscrypt loader spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c.exe

Resource

win10-20230220-en

pseudomanuscrypt loader spyware stealer

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c
- Size
  
  644KB
- MD5
  
  a00c734d7a5312cdf8ed6c75ef68941b
- SHA1
  
  28bf3699687c087f6e79e83bb3a661ab77a22f63
- SHA256
  
  6dbddba630ea7382f81f01ede022be530fae7f1ba7a369c7808fd67a2457523c
- SHA512
  
  95b47173d13c9eea61dd467b2b14faf7b02e34f6158410119d996f307d792bd609508e770cdc163452955db17d55f58c2aabe3bf8c082b4862c15a223450a29b
- SSDEEP
  
  12288:e1LkAWcOiaZmqFdbdu/gm3kmzQ8MLyX9SSquGyb4VXq1OVe:e1wAWcObTwVzBM2NSSBGk4V7e
Score

10^/10

pseudomanuscrypt loader spyware stealer
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pseudomanuscryptloaderspywarestealer

© 2018-2024

Terms | Privacy