Overview

overview

10

Static

static

1

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5bd7723819bc4c3a163cccae6d6484edc486732e902303e929656a32cf26eba7

  • Size

    328KB

  • Sample

    230310-hkl1tsdf8v

  • MD5

    ed4b060cf9d2306fbabfa86a55c9c053

  • SHA1

    b83b62e4fd5c1dd477139e4980b5ad18c733f427

  • SHA256

    5bd7723819bc4c3a163cccae6d6484edc486732e902303e929656a32cf26eba7

  • SHA512

    f51d93e1958ec29e5722e17d0f17b4e1e6bbf4ffb8e60593671fb63e25a91622123dc6c5a647e8a489cdc88cc43fb10bc23b484aed0421b6ad73f9e6a653d71e

  • SSDEEP

    6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33MEPT:evjas8uHEAAtvBpkZEPT

Score
10/10
pseudomanuscryptloader

Malware Config

Targets

    • Target

      5bd7723819bc4c3a163cccae6d6484edc486732e902303e929656a32cf26eba7

    • Size

      328KB

    • MD5

      ed4b060cf9d2306fbabfa86a55c9c053

    • SHA1

      b83b62e4fd5c1dd477139e4980b5ad18c733f427

    • SHA256

      5bd7723819bc4c3a163cccae6d6484edc486732e902303e929656a32cf26eba7

    • SHA512

      f51d93e1958ec29e5722e17d0f17b4e1e6bbf4ffb8e60593671fb63e25a91622123dc6c5a647e8a489cdc88cc43fb10bc23b484aed0421b6ad73f9e6a653d71e

    • SSDEEP

      6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33MEPT:evjas8uHEAAtvBpkZEPT

    Score
    10/10
    pseudomanuscryptloader

    • Detects PseudoManuscrypt payload

      loader

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • PseudoManuscrypt

      PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.

      loaderpseudomanuscrypt

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks