43e47a037425c2efb68f0ba0004f7e851e8c242c5fa7ae6ade0e54fdd81e380a | Triage

Sharing

General

Target

APT 37 Previous Commits 1.7z
Size

17.9MB
Sample

230321-294fysdf63
MD5

3dfafcc426a7af56892cfdb7b180fac6
SHA1

d0bc1375e9ce966cdb13b37fd6c5cf523cdf8e6a
SHA256

43e47a037425c2efb68f0ba0004f7e851e8c242c5fa7ae6ade0e54fdd81e380a
SHA512

b8c331f7b1b499a4ce699ada16b6fd53d5e6cba9dbab19b78c702bbc28959618e70566cf7054e0a85eae3bc65668454b2250f2fde2ffd9a30debf8346d752f49
SSDEEP

393216:m/cc1Pun8u1mKpX2U+wkzXOm2hSPUjG2UT5esTFZiYvOtvYKLOXVfsd:arPuHIQ+F7J2XG2A5esTF3WSFfsd

Score

10^/10

macro macro_on_action

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://attiferstudio.com/install.bak/sony/10.html

Extracted

Language

hta

Source

URLs

hta.dropper

http://attiferstudio.com/install.bak/sony/6.html

Targets

- Target
  
  (20220120)2022 - 001.chm
- Size
  
  331KB
- MD5
  
  914521cb6b4846b2c0e85588d5224ba2
- SHA1
  
  9171d8b916637bd4b1b4348c1744d8f25a2363c6
- SHA256
  
  a88dc9a152cc7758a1df5aa33cf7b31cdb14e593a8744f2059602a49b8b04e0f
- SHA512
  
  cfc3f84a08213f8a1883f0ca6164067e4dfa59d8655e0c2f0fcba0bf985555bb0dca00b5eae0bfaa9ad6861736e9dfe57af490faeb53553d60c460a51d3233c8
- SSDEEP
  
  6144:tWVDblCou9OdcHSgSLaCjPjjaZL4annWryMGfdnSavw/5q/Rhc/UVkRJU1yq9i8y:uM3W0jSL3n4F5nlLW+ye/y
Score

10^/10
- Blocklisted process makes network request
behavioral1 behavioral2
- Target
  
  (양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).chm
- Size
  
  10KB
- MD5
  
  2ffcb634118aaa6154395374f0c66010
- SHA1
  
  71ba9eb1bd593a8e835fd0b9e9bfc50af55caefe
- SHA256
  
  6c1f0deadbfe5aede933592a9692b18879232a29bfdda5a666b91475b4746612
- SHA512
  
  941f13e75eb726f3d35570c6266dbefeed8a308aeb663e1134cbddaa4b4f19138e8cb8e9cb9d84f17401377a2f18f89bee880d611f1b7c2f27df2a390147975d
- SSDEEP
  
  48:sVvtkZgC+z06QRlEFlErlElW5sh0C62UE9ty8Emig1klHb2yep/yjiofNcIOuhZz:snTzGlr2B9roeVIOA6ZEaMmK9i0
Score

1^/10
behavioral3 behavioral4
- Target
  
  (양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls
- Size
  
  135KB
- MD5
  
  c8df23e698e196f803ace0f50a18944d
- SHA1
  
  bf47a34bc092fa81918a387e8f5282f7a7d8a0c4
- SHA256
  
  db70f269d62c43bd09580858731853a589e0f32f2d3c915b15cb9f0b4b9f12d2
- SHA512
  
  29146eff3ed7d8b6ddbf1736f2e2a2fb90a0cec1fc9f8244763802ef9af36bbf1fdd907eee198fe8d910cd3ae17227ab2d2b9e376d9243bdc549d602182f6ab3
- SSDEEP
  
  3072:Fk3hOdsylKlgryzc4bNhZFGzE+cL2knAeQN3QgBzMnNXHM6au7Fei9Yyg4/FQbux:Fk3hOdsylKlgryzc4bNhZF+E+W2knAeX
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6