Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98

  • Size

    328KB

  • Sample

    230310-hk783adf81

  • MD5

    ce7ad82066eaab614b8a0f206225cc88

  • SHA1

    ea9058be68f3226d34e4a08fe3489fde5e64433b

  • SHA256

    db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98

  • SHA512

    6c3a52ecf9cf21a4b2c7caedd1ce49a68293964bb8221f3a3acc644b6494422a8b71055b154db08cfe9783eb935de5deacde6060fe4a612d2bc88f2c6a8d5136

  • SSDEEP

    6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33mEPT:evjas8uHEAAtvBpkzEPT

Score
10/10
pseudomanuscryptloader

Malware Config

Targets

    • Target

      db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98

    • Size

      328KB

    • MD5

      ce7ad82066eaab614b8a0f206225cc88

    • SHA1

      ea9058be68f3226d34e4a08fe3489fde5e64433b

    • SHA256

      db322672530c557169da3977d42b6a3c341c60034ca58b9c4a96db39d39f1d98

    • SHA512

      6c3a52ecf9cf21a4b2c7caedd1ce49a68293964bb8221f3a3acc644b6494422a8b71055b154db08cfe9783eb935de5deacde6060fe4a612d2bc88f2c6a8d5136

    • SSDEEP

      6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33mEPT:evjas8uHEAAtvBpkzEPT

    Score
    10/10
    pseudomanuscryptloader

    • Detects PseudoManuscrypt payload

      loader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • PseudoManuscrypt

      PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.

      loaderpseudomanuscrypt

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks