Leprechaun – A New Malware Loader

    Date: 09/02/2024

    Severity: High

    Summary

    The Leprechaun malware loader is a newly observed threat that the source analysis assesses may take the place of IcedID. It is a capable loader built from three components, each with a distinct function. The indicators and detection queries below are taken from the Gurucul analysis referenced at the end of this page.

    Indicators of Compromise (IOC) List

    Hash (SHA-256)

    1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797

    IP Address

    65.20.106.109

    Object Name / Registry key

    Software\LeprechaunHvnc (the source page renders this indicator as “Software\Leprechaun vnc” in its IOC list but as Software\LeprechaunHvnc in the detection queries below; match on both forms until the exact key name is confirmed against a sample)

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Hash

    sha256hash IN ("1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797")

    IP Address

    dstipaddress IN ("65.20.106.109") or ipaddress IN ("65.20.106.109") or publicipaddress IN ("65.20.106.109") or srcipaddress IN ("65.20.106.109")

    Object Name / Registry key (Windows Security event log, Event ID 4657)

    (resourcename = "Windows Security"  AND eventtype = "4657"  ) AND objectname = "Software\\LeprechaunHvnc"

    Object Name / Registry key (EDR telemetry)

    (Technologygroup = "EDR"   ) AND objectname = "Software\\LeprechaunHvnc"

    Note on the registry queries: Event ID 4657 ("A registry value was modified") is only written when the Audit Registry subcategory under Object Access is enabled and the key carries a SACL, so its absence is not evidence the key was never touched. In 4657 the ObjectName field carries the native object path (for a per-user key, \REGISTRY\USER\<SID>\Software\LeprechaunHvnc), and EDR products commonly report HKCU\... or HKU\<SID>\..., so an exact match on the bare relative key can miss; prefer a suffix or "contains" match where the query language allows it, and consider key-creation events (4656/4663, or Sysmon Event ID 12/13 where deployed) as additional sources.
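    The script below is an added example, not Gurucul's query engine or any code from the source analysis. It applies the three indicators above to constructed sample events carrying the same field names the TDIR queries use (sha256hash, the four IP fields, objectname), and it handles the two details the literal queries do not: hashes are compared case-insensitively, and registry paths are normalised so that the native \REGISTRY\USER\<SID>\... form from Event 4657, the HKCU\... and HKU\<SID>\... forms from EDR tools, and subkeys beneath the indicator key all match. Both renderings of the key that appear on this page are accepted. The sample events, SIDs and the 10.0.0.5 source address are constructed for the example.

```python
"""Offline matcher for the Leprechaun IOCs listed on this page, run over a
few constructed sample events (added example, not Gurucul's query engine)."""
import re

# Indicators as listed on the page.
IOC_SHA256 = {"1d0753beaabc660960bb5297f43eae38128647c2a23b02b2550646d58aff8797"}
IOC_IPS = {"65.20.106.109"}
# The page gives the registry key in two renderings; match both until the
# exact key name is confirmed against a sample.
IOC_REG_KEYS = {"software\\leprechaunhvnc", "software\\leprechaun vnc"}

# Field names follow the TDIR queries; the "any of these" IP test mirrors
# the OR-chain in the IP query.
IP_FIELDS = ("srcipaddress", "dstipaddress", "ipaddress", "publicipaddress")

# Event 4657 reports ObjectName as a native path (\REGISTRY\USER\<SID>\...),
# EDR tools often use HKCU\... or HKU\<SID>\...; strip the hive prefix so the
# relative key can be compared.
_HIVE_PREFIX = re.compile(
    r"^(?:"
    r"\\registry\\(?:machine|user\\s-1-5-[\d-]+)\\"      # native object paths
    r"|hk(?:lm|cu)\\|hku\\s-1-5-[\d-]+\\"                # short hive names
    r"|hkey_(?:local_machine|current_user)\\"
    r")",
    re.IGNORECASE,
)


def normalize_reg_key(path: str) -> str:
    """Lower-case, strip quotes and hive prefix, return the relative key."""
    path = path.strip().strip('"\u201c\u201d.').replace("/", "\\")
    return _HIVE_PREFIX.sub("", path).lower().rstrip("\\")


def reg_key_matches(path: str) -> bool:
    """True if the key is an IOC key or lies beneath one (e.g. a subkey)."""
    rel = normalize_reg_key(path)
    return any(rel == k or rel.startswith(k + "\\") for k in IOC_REG_KEYS)


def match_event(event: dict) -> list:
    """Return the IOC categories an event matches; empty list means clean."""
    hits = []
    if (event.get("sha256hash") or "").lower() in IOC_SHA256:
        hits.append("hash")
    if any(event.get(f) in IOC_IPS for f in IP_FIELDS):
        hits.append("ip")
    if event.get("objectname") and reg_key_matches(event["objectname"]):
        hits.append("registry")
    return hits


def scan(events) -> list:
    """Return (index, hits) for every event that matched at least one IOC."""
    return [(i, h) for i, e in enumerate(events) if (h := match_event(e))]


# Constructed sample events in the shape of the fields used by the queries.
SAMPLE_EVENTS = [
    {"resourcename": "Windows Security", "eventtype": "4657",
     "objectname": "\\REGISTRY\\USER\\S-1-5-21-1111111111-2222222222-3333333333-1001"
                   "\\Software\\LeprechaunHvnc"},
    {"Technologygroup": "EDR", "objectname": "HKCU\\Software\\LeprechaunHvnc\\Settings"},
    {"sha256hash": "1D0753BEAABC660960BB5297F43EAE38128647C2A23B02B2550646D58AFF8797"},
    {"srcipaddress": "10.0.0.5", "dstipaddress": "65.20.106.109"},
    {"resourcename": "Windows Security", "eventtype": "4657",
     "objectname": "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"},
    {"Technologygroup": "EDR", "objectname": "HKCU\\Software\\LeprechaunHvncX"},
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS):
        print(f"event {idx}: matched {', '.join(hits)}")
```

    Events 0 through 3 each match exactly one indicator; the benign Run key and the look-alike key LeprechaunHvncX do not, because the subkey test requires a path separator after the indicator key rather than a bare prefix.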

    Reference:

    https://gurucul.com/blog/leprechaun-a-new-malware-loader/


    Tags: Malware, Gurucul
