Overview

overview

10

Static

static

8

APT 37 Pre...˜Έ.rar

windows7-x64

3

APT 37 Pre...˜Έ.rar

windows10-2004-x64

3

KN0408_045...˜Έ.chm

windows7-x64

1

KN0408_045...˜Έ.chm

windows10-2004-x64

1

KN0408_045...호.js

windows7-x64

1

KN0408_045...호.js

windows10-2004-x64

1

APT 37 Pre...„ .rar

windows7-x64

3

APT 37 Pre...„ .rar

windows10-2004-x64

3

LGμœ ν”ŒλŸ...„ .chm

windows7-x64

1

LGμœ ν”ŒλŸ...„ .chm

windows10-2004-x64

1

LGμœ ν”ŒλŸ... .html

windows7-x64

1

LGμœ ν”ŒλŸ... .html

windows10-2004-x64

1

APT 37 Pre...„ .rar

windows7-x64

3

APT 37 Pre...„ .rar

windows10-2004-x64

3

APT 37 Pre...02.rar

windows7-x64

3

APT 37 Pre...02.rar

windows10-2004-x64

3

APT 37 Pre...1).rar

windows7-x64

3

APT 37 Pre...1).rar

windows10-2004-x64

3

APT 37 Pre...ge.rar

windows7-x64

3

APT 37 Pre...ge.rar

windows10-2004-x64

3

APT 37 Pre...¦.doc

windows7-x64

10

APT 37 Pre...¦.doc

windows10-2004-x64

10

APT 37 Pre...1).rar

windows7-x64

3

APT 37 Pre...1).rar

windows10-2004-x64

3

APT 37 Pre...2).rar

windows7-x64

3

APT 37 Pre...2).rar

windows10-2004-x64

3

APT 37 Pre...ce.rar

windows7-x64

3

APT 37 Pre...ce.rar

windows10-2004-x64

3

APT 37 Pre...1).rar

windows7-x64

3

APT 37 Pre...1).rar

windows10-2004-x64

3

APT 37 Pre...ne.rar

windows7-x64

3

APT 37 Pre...ne.rar

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    APT 37 Previous Commits 3.7z

  • Size

    7.3MB

  • Sample

    230321-3gbe5sff7z

  • MD5

    525868b1b5e1ef837bfd30f3365ae932

  • SHA1

    b401100fba5fafae6441603ce7601263be9e2198

  • SHA256

    b16ebaec337178a9f4c661d84a9998e453f4b693eab3e3fbc9bb6b957661f3c6

  • SHA512

    f3b55a67427a4c53b2fcbd9c4d061b9b7f84bc965e4def98b029fe6f115412b94b9ab4a18fd60a01fa94f4fd5dda40e85e36eea440eccb461afd6f0981b6d3a0

  • SSDEEP

    196608:DNPoR21rvw0BdYYkZsS6JDPOz4ci30VuCLQuNIv78:Jo6v/zYxZsS4DPrf30VpUY

Score
10/10
macromacro_on_action

Malware Config

Extracted

Language
hta
Source
URLs
hta.dropper

http://attiferstudio.com/install.bak/sony/10.html

Targets

    • Target

      APT 37 Previous Commits 3/KN0408_045 μ •μ˜ν˜Έ.rar

    • Size

      1.3MB

    • MD5

      c23c17756e5ccf9543ea4fb9eb342fde

    • SHA1

      a573680ca86c4824608d4dadb6e55ec1ff9a1f80

    • SHA256

      ec734dcecfab5dc78f9a44045e7afd0bdfd34921b6f64d7e8e06354e1c44abe0

    • SHA512

      13ca07d4613adc490422ae2baadc9deee3fe00f4b9510bf2b8f4babb2882050aa4f005bf912a2dcb1915b0fbe72cb5060e9cd1c4436b7ab36b700f0292996e40

    • SSDEEP

      24576:4o9Y3jVWvGCpvf5281iOGQV6PVXNxuGelZgcKHrhzVqdAqkNgrhvFFR:U3ZWeCpvf57ix7PJHcKHred/eg9vTR

    Score
    3/10
    behavioral1behavioral2

    • Target

      KN0408_045 μ •μ˜ν˜Έ/KN0408_045 μ •μ˜ν˜Έ.chm

    • Size

      10KB

    • MD5

      afa9f80f87aa3b3654aed1a5311eb257

    • SHA1

      c734111509a163062597bd5524711d3d9d137aea

    • SHA256

      da4e91ee7a25ede2114e3b0bd33fbc2bc12967d2672c6a64344db1e9aa67d645

    • SHA512

      00794892e09f2ad6ca864a4e399ccf03360f540e6822f8b24a6a01e09dc4ab929021eb3381fb87db213d112d51ceb5a5f4be66ea49cfced0bea0447b3974d7ed

    • SSDEEP

      48:E8VtUfggp0iQQRlEFlErlEle5sVvbzZ/ezcyrcYyZrBN4tLaS0LzWSrtNgCi8aU9:EGUHD47y4YGv4kWyTaImPE57ExRs

    Score
    1/10
    behavioral3behavioral4

    • Target

      KN0408_045 μ •μ˜ν˜Έ/KN0408_045 μ •μ˜ν˜Έ.html (2)

    • Size

      5.8MB

    • MD5

      8792a328844e8e06dc13b9953fc204fb

    • SHA1

      cc0e0dcb3b3b6d346a35d58109f22031ebc47b67

    • SHA256

      0acab1b2bf01f8ce9388fc9c66378e414447661bdd253351bebf160de200c66d

    • SHA512

      5cfe211bef40d298573f6bd3a8f0dc462365f023ec8c385d6a2af60e757c576df495e1dfdf082f8123048f13252a0437b6a3a4d27d020871723619dade26ee0b

    • SSDEEP

      24576:Bp8+V6YbQDWpfi4TQWZXFb9elWCwAPuexuI9a0lDwMmZAFLeWHDYw6K2PtDKDVv7:Bp8+V6YUak4fZ+dPkKXtBh91pt8IPJyK

    Score
    1/10
    behavioral5behavioral6

    • Target

      APT 37 Previous Commits 3/LGμœ ν”ŒλŸ¬μŠ€_이동톡신_202207_이_μ„ .rar

    • Size

      486KB

    • MD5

      030df9bca0a35bcd88d5897482ee226d

    • SHA1

      1528eb1fed9d0024e7d20b28fed9df7e3ec7c465

    • SHA256

      55e09b18d5ac5900d8662e7ac58879cfd86a3dec4534c08cdd6d17ab85008646

    • SHA512

      e1c3c9d1f0fa687817ac485b9173b2a756b7e14ee314c1f1f654f98a6bdf4ce210c41a4f7a775066e938d7dbb5b188fcfd25e216c16e36d011420791aa624585

    • SSDEEP

      12288:gB+jp0r0II+bBXFxtCuxZoE/j6tTbIoUf:l0r0IIOBxCeZoEkTbIoo

    Score
    3/10
    behavioral7behavioral8

    • Target

      LGμœ ν”ŒλŸ¬μŠ€_이동톡신_202207_이_μ„ .chm

    • Size

      253KB

    • MD5

      097edc04368d411593fff1f49c2e1d9c

    • SHA1

      45ffedcff51f52bef646675c8e10b2f065c21511

    • SHA256

      d6ad0d1fab16e2413ac0cc747537259efc585d94b9680cb8e9f4f5af969b73f4

    • SHA512

      9bbcbaa0f920ab1e22e33372310a0faeae2a42071caabccb203b359f154726a6ef6f59c4409a0e3a9f6f86e0ed9f6dad3ade3cceaf4816b80f6cc495b3adea87

    • SSDEEP

      6144:yKp/+M2DezCzMitjQDZLe57eJHwlsIHAHwaGZMSuBCwfZ:7F+M2DezCogjQ9Le57sIxHOOZMSu3Z

    Score
    1/10
    behavioral10behavioral9

    • Target

      LGμœ ν”ŒλŸ¬μŠ€_이동톡신_202207_이_μ„ .html

    • Size

      365KB

    • MD5

      aadd9e71e5a5755bf1ffef67275750e2

    • SHA1

      9a5e1a09087d4146fbeddab7f41def5e1b3495b1

    • SHA256

      58d345c54a2a8a8781e39405f5495b4b35ac83eb6331a8a27b31adcaef57c450

    • SHA512

      7d09829c2a71d5a07608a35cf08c7fbf54629a97da069b995e1639ab2f244dd581cb043193917ae3498473d5375e36750ce8252c1647b94c99c7632bdcb746bb

    • SSDEEP

      6144:7tdb2jWwtY1HwYDeJG5KPLm8ee2SqY98yxYnXziu2CWtUsu1TnYl26foRxHO4:6viw3PJee29EuXWuJW/u5y2VHD

    Score
    1/10
    behavioral11behavioral12

    • Target

      APT 37 Previous Commits 3/LGμœ ν”ŒλŸ¬μŠ€_이동톡신_202208_이_μ„ .rar

    • Size

      240KB

    • MD5

      8eb56493d984b3c2fa4c2dedb6871dd7

    • SHA1

      bac69d2cb8b1e30b35f9cdb042702f5390230003

    • SHA256

      490f03bcd7f20254c5231a9a2074b656e78863af0ddc3eea71edac0bca01fd4f

    • SHA512

      396f638ee1bfc2f986dd6fd1df16f4e158eff58bbbfe47ca4475e9c4a7733dd3c88b686b8a92ca34052c819092b6df3c68d260d33a1f94b0d75660b13427c718

    • SSDEEP

      3072:OlvuDVQ/v1WhlCs8ETjuwZ//L+1dbd0sioQIf3AIrzqw6FcE36omfQOfINP+:vSdagHd0siodfnrzqTz3ykg

    Score
    3/10
    behavioral13behavioral14

    • Target

      APT 37 Previous Commits 3/MAIL_20230125151802.rar

    • Size

      3KB

    • MD5

      0c2375825dcae816a1f9b53f8f82d705

    • SHA1

      b44732c9fc0d70138cc9cd99b70aa43265888d8d

    • SHA256

      3c0b996e37dd3a2c6a457891065e09d47cd1fc25a91f2001ac8813de0a5e55f9

    • SHA512

      9d92d04dab7b7329559a3ac8c44decb21afdf46aa72b417ba796f4e80c1b03d0e540a7862d330b1b1ece4ba6d543fe003def867f3a92f91b9d23b116f66afd25

    Score
    3/10
    behavioral15behavioral16

    • Target

      APT 37 Previous Commits 3/Message (1).rar

    • Size

      15KB

    • MD5

      860b690a11c2086c0231b3c5c2d1e6ac

    • SHA1

      bb3e651e6377b1ec1cd09caeac02d7b4143f018b

    • SHA256

      c125be691e0d7d063e31623d811c8d95a1196d524ffd0ae6a11938bf366c2aa1

    • SHA512

      a9b5d3426eef8b756b729a039620ef7d3350a11ef499685875e641056d4a919ff869da8c4cbb2b73940985a07ed800c94ec45341f4d80cc3b00ef9d6ca1d6a4c

    • SSDEEP

      384:Z/eneGsCFsWHY2fPVAFXM5k8ot+YUhTn4R+2tj38Jh8SDdquj:mhtPfPVyMQ+fh32tjghdquj

    Score
    3/10
    behavioral17behavioral18

    • Target

      APT 37 Previous Commits 3/Message.rar

    • Size

      25KB

    • MD5

      93817f6dfe3a7596eeef049eda9c8b18

    • SHA1

      1bd6387699d4bc96ef8d28b40c50d5097bb7d23b

    • SHA256

      ce83fa08a4f6e8ecf88ecbd40cce042e5ada2ebdd8627922eb998edefe356c30

    • SHA512

      d5063925a91a9b429461f5542cd056994c5fee4442b62215254d3e481662409f0050981c46ab4f2956412b169470ffe1569855d9b250e0edf0084c28658290c0

    • SSDEEP

      384:zHTNgJry3dbZ8JGPGApCFUeWgh4dv6Rwgp5uXnpMsyz4UDup8fO/DWV1IUNWHnlo:zHTNerubjPnl6m0W64UDy/EAHl/MO2E0

    Score
    3/10
    behavioral19behavioral20

    • Target

      APT 37 Previous Commits 3/NEW(μ£Ό)μ— μ—μŠ€λΆμŠ€ μ‚¬μ—…μžλ“±λ‘μ¦.doc

    • Size

      768KB

    • MD5

      e89725778e52fa571a229cc6e65acd8d

    • SHA1

      11e14587aa9e4c3039a214b21d63a616a32aa01b

    • SHA256

      0474bb7c100c5187c838e5cf14969fdaf04ed541e373aa3b1ad607dd2b420a1b

    • SHA512

      cf070d7c2cd2f2006b55da592f4db8758ec94d3608d91bebef3ba958ac34bbabffa7dc2f17f52a77349ea922e6efbd22fddb74b6aaadd37593be2f28c3bcbb82

    • SSDEEP

      12288:5eNs9H0fEccVGYEOH1uW7vyaQaHbB/g+1ev/6d6htoWHdttOOJVYqTz:YeRcBc1u6tHHbm/QUoW9XOO8

    Score
    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    behavioral21behavioral22

    • Target

      APT 37 Previous Commits 3/NTS_eTaxInvoice (1).rar

    • Size

      45KB

    • MD5

      2ec706626dcc9055fc7116aebfba8ec6

    • SHA1

      6b35b46bb29500689ca1551fb50290e4e9b11719

    • SHA256

      33f56b7bf8b72efb633b3e9fa66408746fb0d194eba2f218e9866e12e745a640

    • SHA512

      ca159349ad59c83a0222d7baa3a4345216c15002d204bab27e76bbe51a3d13c12643fba43893c3387f7b13849433cf7d563bf32a813322cb82af9568d1ea9223

    • SSDEEP

      768:gljjg46EFsos0GglcN5AKtvkJzjJnnwEeADw5dcy4BbjdewG2B6cmmE5mbC5RiOT:W4BE2oDGOghkVjJnnjDH/BbjM4VS5Fm8

    Score
    3/10
    behavioral23behavioral24

    • Target

      APT 37 Previous Commits 3/NTS_eTaxInvoice (2).rar

    • Size

      38KB

    • MD5

      aec423421b9eddddd2f6879b0ff3df32

    • SHA1

      591c8f52b9ec831746c6aefb96f1e94812af9d69

    • SHA256

      44a32b053b8798841bc2f786d8c4656a95b2371a6f9d723a239f1a1ffd1c2867

    • SHA512

      4058a2c70b397bb0fea84e0ff79a3a75a6f8ea07088fc2dcf41f28666ff465383bd9cbc6f7c62e7b86e37430087c8084777c655a1bc21b3b81f9d075a3c7e03a

    • SSDEEP

      768:0grWjTDDlTPFuBb7G6/BRfWjwy34Q/Xs4whOo8GO/5l/Ja:0grWrDlTN6b7r/rOj734Q/f88ZBJa

    Score
    3/10
    behavioral25behavioral26

    • Target

      APT 37 Previous Commits 3/NTS_eTaxInvoice.rar

    • Size

      46KB

    • MD5

      3fe6722cd256d6d5e1d5f5003d6a01a5

    • SHA1

      295b3faca55303b7aae8e0a7f50ca58d13080fa4

    • SHA256

      c96f75c3f347b385576b17257142bc37fdfde835aa2668cd35acf41957b15278

    • SHA512

      992fbf096e3bb11a4c02fb6d310564003f682e73f03c75f4063ca5651814400fcebd8049a4fabde67e76e1f497204742586f852528363114710f0b7b2b26a593

    • SSDEEP

      768:gPUbvNG25gxroWNfk6ClSdkRprF2LJeyp9Qaq7VoCzKtw/81i8DYyTPaajc6gQhN:XvNG2sroWNfcj7M1RBeCpt78FyTPaajN

    Score
    3/10
    behavioral27behavioral28

    • Target

      APT 37 Previous Commits 3/News about Foreign affairs, The High North and Ukraine (1).rar

    • Size

      5KB

    • MD5

      fe69fd64192a6811375eb23dbd77c3e0

    • SHA1

      a5243ae32b4130db1613d735ebe12ca903010788

    • SHA256

      231fbaa9f85cf016114f8d66552665dd5d181cfb50391825e615c3eb2695cc8b

    • SHA512

      e58acb2858184e5781c614cd4db558f6a719b8f20c8facd1da63a2b62f2a096b4166364d5b907fc75290e753e4ea20eb76831d7e0dc73621c71b2f0d61dae06c

    • SSDEEP

      96:FeL+MD6G7GMR1IAL3pF2bew0F0a6XEJZUJtRGLPDeZXLlFZBArQ:oL+TG7DR1JpFpwQ+aUJ2L+lZ

    Score
    3/10
    behavioral29behavioral30

    • Target

      APT 37 Previous Commits 3/News about Foreign affairs, The High North and Ukraine.rar

    • Size

      5KB

    • MD5

      c1b6390f0ef992571fa9ed3c47eb0883

    • SHA1

      b8884aef475d51c2884690c41ac1bca0e3b70c22

    • SHA256

      2ec6af06df2ba4703c713b92b6be1d47757db14d3fb919314061bbe0a41020f1

    • SHA512

      490d8998d3cb21c0c5df911d40fed907033d9e6c5028b1bf357635ee5e04a286d0263f06993d920926beb9c90fcd0f32d5f4a0f4d161c8431bfbba77efaae0ec

    • SSDEEP

      96:gtxyhhpsmmcdX6gQblm77ygX7YmAbJbGE8GLxs9pinpyg3w10S4FiwW:gahhp/ObA77ygLY5dbGE8Ys7ipyaw10+

    Score
    3/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

13
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

macromacro_on_action
Score
8/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
10/10

behavioral22

Score
10/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
3/10

behavioral30

Score
3/10

behavioral31

Score
3/10

behavioral32

Score
3/10