General

  • Target: APT 37 Previous Commits 3.7z
  • Size: 7.3MB
  • Sample: 230321-3jlnwsfg2w
  • MD5: 525868b1b5e1ef837bfd30f3365ae932
  • SHA1: b401100fba5fafae6441603ce7601263be9e2198
  • SHA256: b16ebaec337178a9f4c661d84a9998e453f4b693eab3e3fbc9bb6b957661f3c6
  • SHA512: f3b55a67427a4c53b2fcbd9c4d061b9b7f84bc965e4def98b029fe6f115412b94b9ab4a18fd60a01fa94f4fd5dda40e85e36eea440eccb461afd6f0981b6d3a0
  • SSDEEP: 196608:DNPoR21rvw0BdYYkZsS6JDPOz4ci30VuCLQuNIv78:Jo6v/zYxZsS4DPrf30VpUY

Malware Config

Four hta.dropper configurations were extracted (Language: hta), each with one source URL:

  • Extracted: hta.dropper (Language: hta), Source URL: http://attiferstudio.com/install.bak/sony/4.html
  • Extracted: hta.dropper (Language: hta), Source URL: http://attiferstudio.com/install.bak/sony/3.html
  • Extracted: hta.dropper (Language: hta), Source URL: http://141.105.65.165/data/3.html
  • Extracted: hta.dropper (Language: hta), Source URL: http://attiferstudio.com/install.bak/sony/7.html

Targets

    • Target: LG유플러스_이동통신_202208_이_선.html
      Size: 365KB
      MD5: 697ddcc6db39f02d3b47a65ac3cade74
      SHA1: fd3c506e0365455121502b7fc0d94d0176a092ee
      SHA256: df713142e412eebe0347c2bd1ba980f2331fc02418be4f7185318c54acb9fea3
      SHA512: 6fed3fefe7ca6730aee4fca5feb1641ae6491f5d65f9e9b0d2532c3cf622c1d66b9a70f44d64b76776981b846e443f1ac6e871badde56760e682064bc93467e6
      SSDEEP: 6144:7tdb2jWwtY1HwYDeJG5KPLm8ee2lyvlxK5s8ZlWRm2Lqm9YnbY9oy:6viw3PJee2lkl2WNH9YE9oy
      Score: 1/10
    • Target: LG유플러스_이동통신_202208_이_선.html.lnk
      Size: 1KB
      MD5: eb7a6e3dc8bbc26f208c511ec7ee1d4c
      SHA1: b259d84f43f10a00edf1eca1c48610490e0aeb4c
      SHA256: 7c248e03cf87ea3d9a207b17925b7fd8998e9a0b462e601d178ff4c1cd9a1708
      SHA512: b583bf4cd0b31b9961a268cacd1d05c104886487960c03924c3ba07c33aa56743ed9c3d30bc0191c501db5214360612ae0c8721690001fc8a459c06609dc7227
      Score: 10/10
      Signatures:
        • Blocklisted process makes network request
        • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.

    • Target: MAIL_20230125151802.chm
      Size: 10KB
      MD5: 45bd3001517f5e913ddde83827f4cc29
      SHA1: 710a7d78c4bbca17d6cefce8c392e7d358c37a8d
      SHA256: c80fbab8c27cb9be91885a470377088d6639b95b85dfe5ae3c346e537b143a87
      SHA512: c2dcf7d3d6e1353fe6259e326517c07c2e168bc83c0847c293d15d2a0fcc0bbec31506de2347b45a6455465d88a27bde68179352c4473a8eac7ce63b3581bb75
      SSDEEP: 48:U5yGg202QRlEFlErlElZO5sD7GH6N6xWX3VGJtihAxkNzY94ApKSE7HWVMjUBxBD:U5y6khHq6UMl94A0AMjUBxBjR7UyEf0
      Score: 10/10
      Signatures:
        • Blocklisted process makes network request

    • Target: Message.chm
      Size: 23KB
      MD5: a2a8094933150e18fb31f24b5e20643b
      SHA1: e4a2958358b33ad814828efeaa6295eb46510599
      SHA256: c529b6e0b012d8246f9f2720f72253d8d52a1a58f2ee3db32128b2a96c813b9a
      SHA512: 24b43e8452d0b0fc76cb60e6c99e2537c7038ab6808f48ce1578733f1b39e53cffd2a437338ecbcec43944b6331a08657918cb6cfdbaa89db6c2e85ebdf0a6c9
      SSDEEP: 384:2yOvnvzjch5duuyTvBLalWcOrFETyshkB+6tBUMk0zpU:2yOvnbwhv+v1rc4FE+shq+67ZpU
      Score: 10/10
      Signatures:
        • Blocklisted process makes network request

    • Target: Message.chm
      Size: 32KB
      MD5: 0bf993c36aac528135749ec494f96e96
      SHA1: 2082df9f3c58fc1c5fc285c07f25e93e30665a74
      SHA256: 1830b84698851535c1029d10190e5d5518f90472102918a336222e9e9c7dba1b
      SHA512: ffac9634e01a2b74131780500c40881ed5092c87194296bbe6e579e8cab50ca663086a7fd66b5a6a4f1de6053d22068d485b78e0382ec893e3c4c983ff8a58ec
      SSDEEP: 768:BQJWnBJ1mYvGnYULEgbSF82B46DzDoEP4IiZx:BQJWnHGY8uZNzDoFIE
      Score: 10/10
      Signatures:
        • Blocklisted process makes network request
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (5)
  • Discovery: Query Registry, T1012 (4)
  • Discovery: System Information Discovery, T1082 (2)

Tasks