pseudomanuscrypt | a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011
Size

880KB
Sample

230322-kpjsdafh29
MD5

889307a2c7f290ebefc16cb7e89c4a1a
SHA1

719d6bb31b35240de46502cc557b89b0ccf2731f
SHA256

a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011
SHA512

c18acaed7da55feea171c0a0bc7db23e6e96ad4bfce213d158311abdac8cfd0340df899e01ac3bcae37e67168af0f35b34c8ddbcbdfde44fa86477be52ab9e55
SSDEEP

6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FZ1d43wUmDm:nz/9ja2ieFYp5R+I7zY

Score

10^/10

pseudomanuscrypt loader

Static task

static1

Behavioral task

behavioral1

Sample

a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011.exe

Resource

win10-20230220-en

pseudomanuscrypt loader

windows10-1703-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011
- Size
  
  880KB
- MD5
  
  889307a2c7f290ebefc16cb7e89c4a1a
- SHA1
  
  719d6bb31b35240de46502cc557b89b0ccf2731f
- SHA256
  
  a842a92f9f0abfc2c01bd7bf8cd2c3f7d36dda36d394c4b8c6624096cc496011
- SHA512
  
  c18acaed7da55feea171c0a0bc7db23e6e96ad4bfce213d158311abdac8cfd0340df899e01ac3bcae37e67168af0f35b34c8ddbcbdfde44fa86477be52ab9e55
- SSDEEP
  
  6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FZ1d43wUmDm:nz/9ja2ieFYp5R+I7zY
Score

10^/10

pseudomanuscrypt loader
- Detects PseudoManuscrypt payload
  loader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- PseudoManuscrypt
  PseudoManuscrypt is a malware Lazarus’s Manuscrypt targeting government organizations and ICS.
  loader pseudomanuscrypt
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

pseudomanuscryptloader

© 2018-2024

Terms | Privacy