General
Target
APT 37 Previous Commits 1.7z
Size
17.9MB
Sample
230321-294fysdf63
MD5
3dfafcc426a7af56892cfdb7b180fac6
SHA1
d0bc1375e9ce966cdb13b37fd6c5cf523cdf8e6a
SHA256
43e47a037425c2efb68f0ba0004f7e851e8c242c5fa7ae6ade0e54fdd81e380a
SHA512
b8c331f7b1b499a4ce699ada16b6fd53d5e6cba9dbab19b78c702bbc28959618e70566cf7054e0a85eae3bc65668454b2250f2fde2ffd9a30debf8346d752f49
SSDEEP
393216:m/cc1Pun8u1mKpX2U+wkzXOm2hSPUjG2UT5esTFZiYvOtvYKLOXVfsd:arPuHIQ+F7J2XG2A5esTF3WSFfsd
Behavioral task
behavioral1
Sample
(20220120)2022 - 001.chm
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
(20220120)2022 - 001.chm
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).chm
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).chm
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).xls
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).xls
Resource
win10v2004-20230220-en
Malware Config
Extracted
http://attiferstudio.com/install.bak/sony/10.html
Extracted
http://attiferstudio.com/install.bak/sony/6.html
Targets
Target
(20220120)2022 - 001.chm
Size
331KB
MD5
914521cb6b4846b2c0e85588d5224ba2
SHA1
9171d8b916637bd4b1b4348c1744d8f25a2363c6
SHA256
a88dc9a152cc7758a1df5aa33cf7b31cdb14e593a8744f2059602a49b8b04e0f
SHA512
cfc3f84a08213f8a1883f0ca6164067e4dfa59d8655e0c2f0fcba0bf985555bb0dca00b5eae0bfaa9ad6861736e9dfe57af490faeb53553d60c460a51d3233c8
SSDEEP
6144:tWVDblCou9OdcHSgSLaCjPjjaZL4annWryMGfdnSavw/5q/Rhc/UVkRJU1yq9i8y:uM3W0jSL3n4F5nlLW+ye/y
Score 10/10
Blocklisted process makes network request
Target
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).chm
Size
10KB
MD5
2ffcb634118aaa6154395374f0c66010
SHA1
71ba9eb1bd593a8e835fd0b9e9bfc50af55caefe
SHA256
6c1f0deadbfe5aede933592a9692b18879232a29bfdda5a666b91475b4746612
SHA512
941f13e75eb726f3d35570c6266dbefeed8a308aeb663e1134cbddaa4b4f19138e8cb8e9cb9d84f17401377a2f18f89bee880d611f1b7c2f27df2a390147975d
SSDEEP
48:sVvtkZgC+z06QRlEFlErlElW5sh0C62UE9ty8Emig1klHb2yep/yjiofNcIOuhZz:snTzGlr2B9roeVIOA6ZEaMmK9i0
Score 1/10
Target
(μμ) μ 20λ λν΅λ Ή μ·¨μμ μ¬μΈλν¬ μ°Έμμ μΆμ² λͺ λ¨(κ΅λ―ΌμνλΉμ 000).xls
Size
135KB
MD5
c8df23e698e196f803ace0f50a18944d
SHA1
bf47a34bc092fa81918a387e8f5282f7a7d8a0c4
SHA256
db70f269d62c43bd09580858731853a589e0f32f2d3c915b15cb9f0b4b9f12d2
SHA512
29146eff3ed7d8b6ddbf1736f2e2a2fb90a0cec1fc9f8244763802ef9af36bbf1fdd907eee198fe8d910cd3ae17227ab2d2b9e376d9243bdc549d602182f6ab3
SSDEEP
3072:Fk3hOdsylKlgryzc4bNhZFGzE+cL2knAeQN3QgBzMnNXHM6au7Fei9Yyg4/FQbux:Fk3hOdsylKlgryzc4bNhZF+E+W2knAeX
Score 10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Process spawned suspicious child process
This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.