General

  • Target

    APT 37 Previous Commits 1.7z

  • Size

    17.9MB

  • Sample

    230321-26tgksdf47

  • MD5

    3dfafcc426a7af56892cfdb7b180fac6

  • SHA1

    d0bc1375e9ce966cdb13b37fd6c5cf523cdf8e6a

  • SHA256

    43e47a037425c2efb68f0ba0004f7e851e8c242c5fa7ae6ade0e54fdd81e380a

  • SHA512

    b8c331f7b1b499a4ce699ada16b6fd53d5e6cba9dbab19b78c702bbc28959618e70566cf7054e0a85eae3bc65668454b2250f2fde2ffd9a30debf8346d752f49

  • SSDEEP

    393216:m/cc1Pun8u1mKpX2U+wkzXOm2hSPUjG2UT5esTFZiYvOtvYKLOXVfsd:arPuHIQ+F7J2XG2A5esTF3WSFfsd

Score
10/10

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://attiferstudio.com/install.bak/sony/6.html

Targets

    • Target

      APT 37 Previous Commits 1/(20220120)2022년 총동창회 신년인사001.rar

    • Size

      324KB

    • MD5

      3dd12d67844b047486740405ae96f1a4

    • SHA1

      343b56fe4945b7f3b0a8ddcde1552aa5b5dae40f

    • SHA256

      4dd424f71c03a5866a299b21ceb936efe6d9090f5bdc7956026b32cad60f6e6b

    • SHA512

      ab5b1b69e8a701ef8aa988a7352ea12068d719e8877e412ab2774f2f38371277d4630e86cbbbe740445136a069460f69f64b6b8e7899e7c02c6157e739f1728d

    • SSDEEP

      6144:4VL4VbOQWSYQSWfW9i5JnWkP5O6QBKqD8w59sUrIDAW04vOYNvnfAT:M4VbOTMmw26Q7DB96DAhWdfAT

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).rar

    • Size

      99KB

    • MD5

      e9cd4c60582a587416c4807c890f8a5b

    • SHA1

      4d609e2914a4270fac3d9c416e78e27f221b7e91

    • SHA256

      7d899e2baef34c189185511eaa3cbc94429c5000c9bd37de232192832149f8a4

    • SHA512

      09e8cf9e0d7f2cec000130f525d26702d2a16cdf7e88b5b9698f2de22ed447e9f0de87e92c0815af2757f00547364ca676fbc0ff048886ae3e248a098ea451d2

    • SSDEEP

      1536:aGRi7Zwe18uT6SYujbsXBWKM+SliUneM9f6ioQq+dfBEQrf0li2nw3IiJZpX1:aGle1WSYmIRWKMKM9f4dYBBduw3dJZP

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls

    • Size

      135KB

    • MD5

      c8df23e698e196f803ace0f50a18944d

    • SHA1

      bf47a34bc092fa81918a387e8f5282f7a7d8a0c4

    • SHA256

      db70f269d62c43bd09580858731853a589e0f32f2d3c915b15cb9f0b4b9f12d2

    • SHA512

      29146eff3ed7d8b6ddbf1736f2e2a2fb90a0cec1fc9f8244763802ef9af36bbf1fdd907eee198fe8d910cd3ae17227ab2d2b9e376d9243bdc549d602182f6ab3

    • SSDEEP

      3072:Fk3hOdsylKlgryzc4bNhZFGzE+cL2knAeQN3QgBzMnNXHM6au7Fei9Yyg4/FQbux:Fk3hOdsylKlgryzc4bNhZF+E+W2knAeX

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Process spawned suspicious child process

      This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

    • Target

      APT 37 Previous Commits 1/1.rar

    • Size

      3.6MB

    • MD5

      6dc7795dde643aae9ced8e22db335ad1

    • SHA1

      fc286e4b01c400ae2ac76674a6c45fa723218859

    • SHA256

      751bfe7e49cdbc48029894fca27f9d7abeaa320a77d48b6cb12bf11f356e64e3

    • SHA512

      9c4fb94703b494027218ef252cdd83502862ed4c9893b03a97110642a64fe33858971fbe0afdceaf6f598114bb3f6799d0f7a6ffc5525b21cf0cf7f2db318e46

    • SSDEEP

      98304:hDO0gu5xt1jwNmciQQrjxXHkA4XsLRRJ0gXJpuePmeSNv+QN:th9JjwNmcPsjx3kwjpuePRSNv+QN

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2017-APEC.rar

    • Size

      10KB

    • MD5

      e3879ea3f695706dfc3fc1fb68c6241d

    • SHA1

      ee16c46a725a000ba82bfd21286bed3a1492e022

    • SHA256

      7c7986ce54bd28ab5a6e106df28a6339de6e547a2a8a25205bb6749df49df1ad

    • SHA512

      d66cca76e2094a779934c2db997c17d5405b74b03089ccc10eff82f6daee6941346d6a2b4b6c4af862c87b339f2e4db36c6ae5c93f21dc94d0f82864ee8baf75

    • SSDEEP

      192:bhqubgwUjGKVsBOETAJTu/AOAgc6g+2sG3VPjvvEVjsstDROluSqe4A0mM:bhdUjGwsBKTOAOg+DmVLasstDRS4A0mM

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2021년 ICT융합 스마트공장 구축 및 고도화 사업 최종감리보고서(엠플러스에프엔씨, 인버스, 정찬혁)_초안.hwp

    • Size

      1.4MB

    • MD5

      b8addd3c9e0c7f1ed8d4aafcb582e755

    • SHA1

      680373d4873b13323a52854364f7564538d50178

    • SHA256

      beea227a91e76e197f5f82c2d92a1b657a318c97ee083603be9f05cf21f85c9a

    • SHA512

      b732dda231b261834fa303ed411ac34e638a03feb3c787efce47d9e1c6a89ff75cb364fce13ad4b7d30e64d7054d19cb4d78595a0b703f0592179136bbb0305a

    • SSDEEP

      24576:VlFeF06suHGJqxEvDNWuk/EuAq6W1onwl1u1CMXbhoVjrDMB9Mm3L+Ije48rEbaj:V/eFSuHG0xEvDNWj/EZZnwyzGVjcBxLO

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2022 후기 신-편입생 모집요강.rar

    • Size

      77KB

    • MD5

      17bc6298bf72fa76ad6e3f29536e2f13

    • SHA1

      3d99696902879ae60166411b62a7d069ac6bd428

    • SHA256

      db00c18b7226475879499581bbcd7d0a041c53cf6683ba459ff0893b978c5839

    • SHA512

      f91458a410eaca09f580f96e7e87a9cbc74329caef0ce017d1a21d5b37a631d18be595d1baab0368c8bc9efb6238831cd55049ca0442b8166e01855bbebdda19

    • SSDEEP

      1536:cTRt3a0zHUyJgeMeiHaXbGrjEs44K+S3phBoALic+ivW5iPGC4tFFdetBvWCT41:cja0zHUE/iHaXaEbjpoTivW5iPCGhWQE

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2022-01-27-notification.rar

    • Size

      4KB

    • MD5

      54a99efd1b9adec5dc0096c624f21660

    • SHA1

      38331c578afdf9c03cbeb76cb1988b8f2c35f2b3

    • SHA256

      06d8ae2e5a6854d17ce66f915cb7bbd0fa8eb1148c2ad3622e09bebd9264f0fd

    • SHA512

      240634fd8f924fdf71371fbca0bcd5e8aae2b0990e0cbb96d97ce415dd1d05982ce8b8bb2b73aded6b6fce56e1e4e1cf0ea8e80534b3fbd1c0ed8865a535a75b

    • SSDEEP

      96:fGb90sSA0hN+tqw1HL7DJSOM1BITl2XMNtKHkFz8WD/xcg5ejI:fGR0sSAuAq07DJs1KsStqkyWDZz3

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2022-03-22.rar

    • Size

      1.0MB

    • MD5

      f3f4cf7876817b1e8a2d49fe9bd7b206

    • SHA1

      bf3c443153c6f30ffce7cf66b49a4876df9ac35a

    • SHA256

      b0729b96dd478308be5562606abf20eadb0c59c0ea32315ab35a68d89aaae4d9

    • SHA512

      c6533901365302efe50172ddfa941c321ffff424bc2ab1d5caf79ec175374f5c59b0dbc46562291371e5c79709360749ea112d1febad86c1618b91f719b8ed5b

    • SSDEEP

      24576:QpLMCKGfym3g58XyTiZrV/gW7J3MHF5s4gHlyGnvk:ULtKG6m3g58XyWlV//dMkFG

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2022.04.27.rar

    • Size

      34KB

    • MD5

      9d85c8378b5f1edefb1e9837b3abb74f

    • SHA1

      260aa9a8dd981f3e9b4372275e7b9a6cb5fb9b40

    • SHA256

      360512254b342558d8f17305b673b75c7d7986f12aae2f602952298cacf5d238

    • SHA512

      d3491f75d1f8d09a6aacbde5b9035b23c7aa2e8c73e38b9445a91f58b419a3015e4a7d2fe06488193fe831c419ca04564404fef993c2499dff18ad444037cdbe

    • SSDEEP

      768:VfONuc4JWVJrzPWGnXJoMU83dg2HErxGDtU7Vy1j7I6iVGtNP:lTkDrb5d9Ng2o8tB66oup

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/20220315-112_Notice.rar

    • Size

      3KB

    • MD5

      75fe480a0669e80369eaf640857c27cd

    • SHA1

      6845db568fabef46944bd0afed55b94cf2ffa5fb

    • SHA256

      ac31880c5a10e7227064b7098a2e73e5001349123b0e9b6ac2aa8efa055d73fa

    • SHA512

      2074d50ebc5b893183c659cbc48c81924347c69fe05559141d708efbef8231508628c7a20d3b448d747f478731d91c8c0d8a07b6bc408ed3209cd7a3889fc045

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/202203_5_06.rar

    • Size

      151KB

    • MD5

      6db5f68b74c8ba397104da419fcc831d

    • SHA1

      b4572b01d719b9a4ff8489f8b42fe7fb216bcda3

    • SHA256

      35ea90ba0d75a758abec880413c3f87d171bf34d93465fa868e6a09e5058daaf

    • SHA512

      5b10fb6b2a848d0c332871aee56f07042668ece0150e3d14460f3c0af4c1c0ea18ecce310c76caf6676f7c5416eea08df1decdf17a2264b3e24f50974f8026bd

    • SSDEEP

      3072:UYSEnQ/NXYzNS3X23isUtbHn5BS/T+iSfwQLGv8zgch0Zx+/G0QnHsRgEeIXY:nS9lwNaXYisUt50TXSf7LGmVhBKnyPlo

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/20220510_115155.rar

    • Size

      899KB

    • MD5

      cfd73942f61fbb14dded15f3d0c92f4a

    • SHA1

      23034186849aff6b2cd775b9e34d0a5d1f5954be

    • SHA256

      6b912eeda69069fb6a3fa3cfc10db029e8ebbee936cab19137cad103d9fc6abd

    • SHA512

      79599831de00047ee85d6a56be8dd8ba49915fa20be7607fa4cc7ea5f2b53517c4a085d0957fbf8deb838beae5a2a711b62bddc7bfe1f542c8cc9d435599005f

    • SSDEEP

      24576:8uGP2N33OyhJ1zyYRTkQ2nI3Qh6Rv3uPiFlsfB:8uI2XbGYR4Q2nI3jgpfB

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/20220913.rar

    • Size

      371KB

    • MD5

      5c67c9266e4267d1bf0862bf2c7bd2a5

    • SHA1

      494602ff78b1d034c9f8246a69617da7164050a2

    • SHA256

      ae8cb9b2a65efb15e0aeaa9327a77a90425d86154f24305943f49eb28eac8fd5

    • SHA512

      5661e2a4db660bc4b5ae0e9e9b26b1eb001ed55d7b704e6879c7bdac4a3a6fb7b3fb09cb49614954e18ffe70c7b58a85dd597c92ed1d17ca2a97ff26a77ea2de

    • SSDEEP

      6144:pcjXt6bRJ3dCmK0po5vSZEdG1gt66gmnpNZvBIhGuBvv14cic78IAN+N39Hh5+rJ:pc8FvCmzm5vSIUc6rMDBIp34cPu+de0c

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/20220916093205755684_TSA.rar

    • Size

      959KB

    • MD5

      1531bba6a8028d38d36c0a91b91159c3

    • SHA1

      fd022cda6f03897adae856b0d8544cc587132ce3

    • SHA256

      79c0c48614379371e3da809c512a945c19f48b326d2d28ea1603fb394fb18e81

    • SHA512

      4dca2fc7bb55287f2dc8d759928f6ee70c43d6949d86f21979f0dc618e5ad0f424c19d62b548ea96c0dc5b197b449182a79e5db017ef3cf6dc32ad63ad7973d2

    • SSDEEP

      24576:wpURDkB8WgmwgDBkg3aX8asLIy5t4tVq/K8ksqQEIGCOx:BCxDBE8asLISSE/pPkIMx

    Score
    3/10
    • Target

      APT 37 Previous Commits 1/2022년 국방부 부임이사 안내(몽골리아).rar

    • Size

      2.7MB

    • MD5

      afdc59ec36ac950de08169162783accd

    • SHA1

      2efe9332b61c4527363a33301f4ce3ee5b22aa8d

    • SHA256

      4a1ca5a873799887b10a24822bbccec347f18e5694a6ae462275b2bdfe3ee823

    • SHA512

      fe3bce0f8cd75ae96b39964dd2b4f4df2ce6688632ef9c6d996cd2215bbe113d62a227a6b58141dccba436bf2488f04bd3071be499500c6f407c00d1fe959bf2

    • SSDEEP

      49152:O4TV2Hjat4DAj7eody8MAVDbnjHQ53+c23J/pPXsq44M26HQ66Js:O4TVejaqk7c8MuLCD2ZhPXkdTTIs

    Score
    3/10

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

    Modify Registry (T1112): 1

Discovery

    System Information Discovery (T1082): 17

    Query Registry (T1012): 2

Tasks

static1

macro macro_on_action
Score
8/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
10/10

behavioral6

Score
10/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10