General

  • Target

    50793b3b016fe3d7042a286e70c8c2db.exe

  • Size

    880KB

  • Sample

    230322-xsna7acf9v

  • MD5

    50793b3b016fe3d7042a286e70c8c2db

  • SHA1

    636db5add1b385fdbe8f01a097a39aa64591fc8e

  • SHA256

    bbd550a356ad847fbec4080976e7f7d72b3d431d923df772b65880b7a5cc7254

  • SHA512

    b2035b2fcd0eb4b3874b2a0cf14ce25b17509129fe88924f1884a70e78b51a78922d6299e728b113754cbb1b21f02565c4367644d99712f93f052134a9ac91b3

  • SSDEEP

    6144:LQuiA1RTz/cYja2ieb5YbF5R+Jn8xH97r7FU1d43wUmDm:nz/9ja2ieFYp5R+I7uY

Malware Config

Targets

    • Target

      50793b3b016fe3d7042a286e70c8c2db.exe

    • Detects PseudoManuscrypt payload

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • PseudoManuscrypt

      PseudoManuscrypt is malware based on Lazarus's Manuscrypt, targeting government organizations and ICS.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 3

Tasks