pseudomanuscrypt | db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98
Size

328KB
Sample

230310-hk783adf81
MD5

ce7ad82066eaab614b8a0f206225cc88
SHA1

ea9058be68f3226d34e4a08fe3489fde5e64433b
SHA256

db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98
SHA512

6c3a52ecf9cf21a4b2c7caedd1ce49a68293964bb8221f3a3acc644b6494422a8b71055b154db08cfe9783eb935de5deacde6060fe4a612d2bc88f2c6a8d5136
SSDEEP

6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33mEPT:evjas8uHEAAtvBpkzEPT

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98
- Size
  
  328KB
- MD5
  
  ce7ad82066eaab614b8a0f206225cc88
- SHA1
  
  ea9058be68f3226d34e4a08fe3489fde5e64433b
- SHA256
  
  db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98
- SHA512
  
  6c3a52ecf9cf21a4b2c7caedd1ce49a68293964bb8221f3a3acc644b6494422a8b71055b154db08cfe9783eb935de5deacde6060fe4a612d2bc88f2c6a8d5136
- SSDEEP
  
  6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33mEPT:evjas8uHEAAtvBpkzEPT
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy