pseudomanuscrypt | bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5
Size

328KB
Sample

230310-hkcr6aca48
MD5

243bdb269b59f604ad9bc109758aeb2c
SHA1

a7bb9fa52e09477f654cb7db70411e072224e51c
SHA256

bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5
SHA512

36d35dfbe6b516be8f2f2f9dbc0770e727750553cae5db3a30cba40a71c1c777fb4b89684afbdf166869acce6b2b314b6b0dd6c4a954aae1d9d1fea359ee9034
SSDEEP

6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33sEPT:evjas8uHEAAtvBpkJEPT

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5
- Size
  
  328KB
- MD5
  
  243bdb269b59f604ad9bc109758aeb2c
- SHA1
  
  a7bb9fa52e09477f654cb7db70411e072224e51c
- SHA256
  
  bc936222af5841e0e16687624cfedf2743c9285119fe0c97786f6ae174f825c5
- SHA512
  
  36d35dfbe6b516be8f2f2f9dbc0770e727750553cae5db3a30cba40a71c1c777fb4b89684afbdf166869acce6b2b314b6b0dd6c4a954aae1d9d1fea359ee9034
- SSDEEP
  
  6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33sEPT:evjas8uHEAAtvBpkJEPT
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy