General
-
Target
dc18833a5782359021cc033ec28db8c8_JaffaCakes118
-
Size
865KB
-
Sample
240912-jsxmzayenr
-
MD5
dc18833a5782359021cc033ec28db8c8
-
SHA1
7b1f91181f1da4fa8af7dafb5a134c3f7d5e97d2
-
SHA256
6304025b1257897362538a402ecb3fc47af94868332ff843d5f2075a9d58d81e
-
SHA512
2ba43a08083e439fa2b1fa685e7655bab073d3f9a2f79f1d4ab2db306be63fbcb37c5e332f3ef1959c783ddbf36bad9ca98879472fd929c4de5f1e4d17ce98d4
-
SSDEEP
24576:K/7//0x2mmx+i06g8oUsDElpm3dw1ClFrg2Dt59ab5D:gzBr06g8oj4lpmDH/59mD
Static task
static1
Behavioral task
behavioral1
Sample
dc18833a5782359021cc033ec28db8c8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dc18833a5782359021cc033ec28db8c8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
dc18833a5782359021cc033ec28db8c8_JaffaCakes118
-
Score
10/10
-
Detects PseudoManuscrypt payload
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
PseudoManuscrypt
PseudoManuscrypt is malware similar to Lazarus’s Manuscrypt that targets government organizations and ICS.
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Suspicious use of SetThreadContext
-