pseudomanuscrypt | 790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8
Size

328KB
Sample

230310-ht1kkscb24
MD5

a48ea904f9779965d0285697eea2a62c
SHA1

93e54c1e722ef60808ce3729f87ed082e3f0e973
SHA256

790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8
SHA512

a4dc0b3511c3dd8bd1b5d4ccaecbb63344551cf0c0de72fd476ba8223969e1c4e508331c75be8c56d2b6f1810cd9de680812c88ed4a06c786f8c4654535cf2b1
SSDEEP

6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33XEPT:evjas8uHEAAtvBpkCEPT

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8
- Size
  
  328KB
- MD5
  
  a48ea904f9779965d0285697eea2a62c
- SHA1
  
  93e54c1e722ef60808ce3729f87ed082e3f0e973
- SHA256
  
  790decaa7992369cbcdad2c787d66cd9c08556f84bd5f06a0638e5feca0d5fb8
- SHA512
  
  a4dc0b3511c3dd8bd1b5d4ccaecbb63344551cf0c0de72fd476ba8223969e1c4e508331c75be8c56d2b6f1810cd9de680812c88ed4a06c786f8c4654535cf2b1
- SSDEEP
  
  6144:evSBanJK/5kPas8N0HEAAf1vbViarAWbd33XEPT:evjas8uHEAAtvBpkCEPT
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy