General

  • Target

    MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe

  • Size

    5.3MB

  • Sample

    240316-n76lmsaf5v

  • MD5

    0032db0e51aa3eb59524c60cce8ec586

  • SHA1

    0986acb5f3120cbc8191d8507b4c34c5fbb49861

  • SHA256

    8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b

  • SHA512

    b40cb65ae3cc308d255052276e0aff27127eb0b0f6f8d6b166b48c84c571d612b5be9a772f382e4a1d1b56de695a715f65155ef6898136c7ca21d6c5a35a2273

  • SSDEEP

    98304:qeCOCyjsbxvydYsr2ndGaX6tJJQv2FKA75OpVclc02vDRZTEz:TCOCyjstyd/r4o3u0jc02vVZoz

Malware Config

Targets

    • Guerrilla

      Guerrilla is an Android malware used by the Lemon Group threat actor.

    • Guerrilla payload

    • Irata

      Irata is an Iranian remote access trojan Android malware first seen in August 2022.

    • Irata payload

    • Mandrake

      Mandrake is an Android spyware first seen in 2020.

    • Mandrake payload

    • Creates new service(s)

    • Downloads MZ/PE file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Create or Modify System Process (T1543): 1

  • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Create or Modify System Process (T1543): 1

  • Windows Service (T1543.003): 1

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Discovery

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Tasks