guerrilla | 8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b | Triage

Submit
Reports

Overview

overview

Static

static

1

MuMuInstal...35.exe

windows11-21h2-x64

Sharing

General

Target

MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe
Size

5.3MB
Sample

240316-n76lmsaf5v
MD5

0032db0e51aa3eb59524c60cce8ec586
SHA1

0986acb5f3120cbc8191d8507b4c34c5fbb49861
SHA256

8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b
SHA512

b40cb65ae3cc308d255052276e0aff27127eb0b0f6f8d6b166b48c84c571d612b5be9a772f382e4a1d1b56de695a715f65155ef6898136c7ca21d6c5a35a2273
SSDEEP

98304:qeCOCyjsbxvydYsr2ndGaX6tJJQv2FKA75OpVclc02vDRZTEz:TCOCyjstyd/r4o3u0jc02vVZoz

Score

10^/10

guerrilla irata mandrake infostealer persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe

Resource

win11-20240221-en

guerrilla irata mandrake infostealer persistence rat trojan

windows11-21h2-x64

25 signatures

1800 seconds

Malware Config

Targets

- Target
  
  MuMuInstaller_3.1.6.0_gw-overseas12_all_1699416735.exe
- Size
  
  5.3MB
- MD5
  
  0032db0e51aa3eb59524c60cce8ec586
- SHA1
  
  0986acb5f3120cbc8191d8507b4c34c5fbb49861
- SHA256
  
  8de592efeb1b2bcab19077f08766308d049e62f7a4e467dc7204f7710320624b
- SHA512
  
  b40cb65ae3cc308d255052276e0aff27127eb0b0f6f8d6b166b48c84c571d612b5be9a772f382e4a1d1b56de695a715f65155ef6898136c7ca21d6c5a35a2273
- SSDEEP
  
  98304:qeCOCyjsbxvydYsr2ndGaX6tJJQv2FKA75OpVclc02vDRZTEz:TCOCyjstyd/r4o3u0jc02vVZoz
Score

10^/10

guerrilla irata mandrake infostealer persistence rat trojan
- Guerrilla
  Guerrilla is an Android malware used by the Lemon Group threat actor.
  trojan infostealer rat guerrilla
- Guerrilla payload
- Irata
  Irata is an Iranian remote access trojan Android malware first seen in August 2022.
  trojan infostealer rat irata
- Irata payload
- Mandrake
  Mandrake is an Android spyware first seen in 2020.
  trojan infostealer rat mandrake
- Mandrake payload
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

guerrillairatamandrakeinfostealerpersistencerattrojan

© 2018-2024

Terms | Privacy