pseudomanuscrypt | 0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6
Size

328KB
Sample

230310-hjlzfaca45
MD5

3e83a743b35142731f4204df90f085c5
SHA1

ef36ffe379eeb71d301ff2aae3d72254f794a78d
SHA256

0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6
SHA512

431efa5d053dd3e03eb3c5cfaa728f685569b416e6699449fe2248fa737e2cdeb110398674beeb43bfdab22e2b2d7e45c9c9e091aa97d81f6ee508153153b9fa
SSDEEP

6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33eEPT:evjas8uHEAAtvBpkrEPT

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6
- Size
  
  328KB
- MD5
  
  3e83a743b35142731f4204df90f085c5
- SHA1
  
  ef36ffe379eeb71d301ff2aae3d72254f794a78d
- SHA256
  
  0062734a275ffb573ba0289ee6d876d288890b69d731400f47fd3ae9cb8144d6
- SHA512
  
  431efa5d053dd3e03eb3c5cfaa728f685569b416e6699449fe2248fa737e2cdeb110398674beeb43bfdab22e2b2d7e45c9c9e091aa97d81f6ee508153153b9fa
- SSDEEP
  
  6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33eEPT:evjas8uHEAAtvBpkrEPT
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy