pseudomanuscrypt | c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09
Size

880KB
Sample

230322-kmrp7shg6t
MD5

ceba2a701029f8195f747032d1ede028
SHA1

536097d8a21d2f6f2b42637f26304fbc042810bf
SHA256

c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09
SHA512

16884678ee23407767d58d5b9b75f3c3b62723066839d3edbb6d6dd08628b85c9756b1cea8d2049806aae04d063c25fcf58e352e09ae385febcb24b4591b0be2
SSDEEP

6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FQ1d43wUmDm:nz/9ja2ieFYp5R+I7KY

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09
- Size
  
  880KB
- MD5
  
  ceba2a701029f8195f747032d1ede028
- SHA1
  
  536097d8a21d2f6f2b42637f26304fbc042810bf
- SHA256
  
  c7b1371cb821754d8da88223159e2641e94008695d1382edc4021a8502756b09
- SHA512
  
  16884678ee23407767d58d5b9b75f3c3b62723066839d3edbb6d6dd08628b85c9756b1cea8d2049806aae04d063c25fcf58e352e09ae385febcb24b4591b0be2
- SSDEEP
  
  6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FQ1d43wUmDm:nz/9ja2ieFYp5R+I7KY
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy