pseudomanuscrypt | eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30
Size

308KB
Sample

230306-gb719sad3t
MD5

24527c1cb60027d91ddc051990ba55ca
SHA1

6f55efac879c92f116ab73ccd431c898c6f794f9
SHA256

eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30
SHA512

cbf0dab2eb7e3b44359db887a7441459a49575faaab0cfec6ddb67b43957391510fb7a0beb63098c3d826c96c91fff284e726c16284f70128b7cd577d30ee11e
SSDEEP

6144:bOsY+HgEiTA14Xn0Ti8v1bbFgXIQdjrfzNt1mEP3:i814Xn0Ti8tbJyIQdjrfzQEP3

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30
- Size
  
  308KB
- MD5
  
  24527c1cb60027d91ddc051990ba55ca
- SHA1
  
  6f55efac879c92f116ab73ccd431c898c6f794f9
- SHA256
  
  eaf978fd469c4acc54a1b4cdaa4298c04b385b0cce10215f96a737b26a27fd30
- SHA512
  
  cbf0dab2eb7e3b44359db887a7441459a49575faaab0cfec6ddb67b43957391510fb7a0beb63098c3d826c96c91fff284e726c16284f70128b7cd577d30ee11e
- SSDEEP
  
  6144:bOsY+HgEiTA14Xn0Ti8v1bbFgXIQdjrfzNt1mEP3:i814Xn0Ti8tbJyIQdjrfzQEP3
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy