guerrilla | 8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b | Triage

Submit
Reports

Overview

overview

Static

static

1

MuMuInstal...35.exe

windows11-21h2-x64

Sharing

General

Target

MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe
Size

5.3MB
Sample

240316-n76lmsaf5v
MD5

0032db0e51aa3eb59524c60cce8ec586
SHA1

0986acb5f3120cbc8191d8507b4c34c5fbb49861
SHA256

8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b
SHA512

b40cb65ae3cc308d255052276e0aff27127eb0b0f6f8d6b166b48c84c571d612b5be9a772f382e4a1d1b56de695a715f65155ef6898136c7ca21d6c5a35a2273
SSDEEP

98304:qeCOCyjsbxvydYsr2ndGaX6tJJQv2FKA75OpVclc02vDRZTEz:TCOCyjstyd/r4o3u0jc02vVZoz

Score

10^/10

guerrilla irata mandrake infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe

Resource

win11-20240221-en

guerrilla irata mandrake infostealer persistence rat trojan

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe
- Size
  
  5.3MB
- MD5
  
  0032db0e51aa3eb59524c60cce8ec586
- SHA1
  
  0986acb5f3120cbc8191d8507b4c34c5fbb49861
- SHA256
  
  8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b
- SHA512
  
  b40cb65ae3cc308d255052276e0aff27127eb0b0f6f8d6b166b48c84c571d612b5be9a772f382e4a1d1b56de695a715f65155ef6898136c7ca21d6c5a35a2273
- SSDEEP
  
  98304:qeCOCyjsbxvydYsr2ndGaX6tJJQv2FKA75OpVclc02vDRZTEz:TCOCyjstyd/r4o3u0jc02vVZoz
Score

10^/10

guerrilla irata mandrake infostealer persistence rat trojan
- Guerrilla
  Guerrilla is an Android malware used by the Lemon Group threat actor.
  trojan infostealer rat guerrilla
- Guerrilla payload
- Irata
  Irata is an Iranian remote access trojan Android malware first seen in August 2022.
  trojan infostealer rat irata
- Irata payload
- Mandrake
  Mandrake is an Android spyware first seen in 2020.
  trojan infostealer rat mandrake
- Mandrake payload
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

guerrillairatamandrakeinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy