Pulse Detail — Threat Intelligence

PULSE NAME

Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon

WHITE Lamberts AlienVault 2019-11-21 Modified: 2019-12-21

IOCs

MEDIUM VOLUME

DePriMon is a malicious downloader, with several stages and using many non-traditional techniques. To achieve persistence, the malware registers a new local port monitor – a trick falling under the “Port Monitors” technique in the MITRE ATT&CK knowledgebase. For that, the malware uses the “Windows Default Print Monitor” name, that’s why we have named it DePriMon. Due to its complexity and modular architecture, we consider it to be a framework.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1007 T1013 T1036 T1043 T1057 T1071 T1082 T1090 T1107 T1112 T1124 T1134 T1140

MALWARE FAMILIES

DePriMon Lambert

Indicators of Compromise (33)

All domain FileHash-SHA256 hostname FileHash-SHA1

TYPE	INDICATOR	DESCRIPTION	CREATED
domain	elehenishing.com	—	2019-11-21
domain	wnupdnew.com	—	2019-11-21
domain	shayalyawm.com	—	2019-11-21
domain	alwatantrade.com	—	2019-11-21
domain	almawaddrial.com	—	2019-11-21
domain	teknikgorus.com	—	2019-11-21
domain	babmaftuh.com	—	2019-11-21
domain	mdeastserv.com	—	2019-11-21
FileHash-SHA256	c097cf17dc3303bc8155534350464e50176aca63842b0973831d8c6c8f136817	—	2019-11-21
FileHash-SHA256	8d35913f80a23e820c23b3125abf57901bc9a7b83283fb2b240193abdede52b9	—	2019-11-21
hostname	img.dealscienters.net	—	2019-11-21
FileHash-SHA1	94c0be25077d9a76f14a63cbf7a774a96e8006b8	—	2019-11-21
FileHash-SHA1	1911f6e8b05e38a3c994048c759c5ea2b95ce5f7	—	2019-11-21
FileHash-SHA1	6fab7aa0479d41700981983a39f962f28ccfbe29	—	2019-11-21
FileHash-SHA1	7e8a7273c5a0d49dfe6da04fef963e30d5258814	—	2019-11-21
FileHash-SHA1	8b4f3a06ba41f859e4cc394985bb788d5f76c85c	—	2019-11-21
FileHash-SHA1	7d0b08654b47329ad6ae44b8ff158105ea736bc3	—	2019-11-21
FileHash-SHA1	9c4bade47865e8111dd3eee6c5c4bc83f2489f5b	—	2019-11-21
FileHash-SHA1	0996c280ab704e95c9043c5a250cce077df9c8b2	—	2019-11-21
FileHash-SHA1	2d80b235cdf41e09d055dd1b01fd690e13be0ac7	—	2019-11-21
FileHash-SHA1	c2388c2b2ed6063eacba8a4021ce32eb0929fad2	—	2019-11-21
FileHash-SHA1	03e047dd4cecb16f513c44599bf9b8ba82d0b7cb	—	2019-11-21
FileHash-SHA1	15ebe328a501b1d603e66762fbb4583d73e109f7	—	2019-11-21
FileHash-SHA1	968b52550062848a717027c512afeded19254f58	—	2019-11-21
FileHash-SHA1	6db79671a3f31f7a9bb870151792a56276619dc1	—	2019-11-21
FileHash-SHA1	e272fda0e9ba1a1b8ef444ff5f2e8ee419746384	—	2019-11-21
FileHash-SHA1	aa59cb6715cfff545579861e5e77308f6caeac36	—	2019-11-21
FileHash-SHA1	f413eee3cfd85a60d7afc4d4ecc4445bb1f0b8bc	—	2019-11-21
FileHash-SHA1	2b30be3f39def1f404264d8858b89769e6c032d9	—	2019-11-21
FileHash-SHA1	e2d39e290201010f49652ee6116fd9b35c9ad882	—	2019-11-21
FileHash-SHA1	d38045b42c7e87c199993ab929ad92ade4f82398	—	2019-11-21
FileHash-SHA1	02b38f6e8b54885fa967851a5580f61c14a0aab6	—	2019-11-21
FileHash-SHA1	ca34050771678c65040065822729f44b35c87b0c	—	2019-11-21

References (1)

↗ https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/