Overview (score 10/10)
Static analysis (score 8/10)

Behavioral task scores:
- LG유플....html, windows7-x64: 1/10
- LG유플....html, windows10-2004-x64: 1/10
- LG유플...ml.lnk, windows7-x64: 10/10
- LG유플...ml.lnk, windows10-2004-x64: 10/10
- MAIL_20230...02.chm, windows7-x64: 10/10
- MAIL_20230...02.chm, windows10-2004-x64: 10/10
- Message.chm, windows7-x64: 10/10
- Message.chm, windows10-2004-x64: 10/10
- Message.chm, windows7-x64: 10/10
- Message.chm, windows10-2004-x64: 10/10

General
- Target: APT 37 Previous Commits 3.7z
- Size: 7.3MB
- Sample: 230321-3jlnwsfg2w
- MD5: 525868b1b5e1ef837bfd30f3365ae932
- SHA1: b401100fba5fafae6441603ce7601263be9e2198
- SHA256: b16ebaec337178a9f4c661d84a9998e453f4b693eab3e3fbc9bb6b957661f3c6
- SHA512: f3b55a67427a4c53b2fcbd9c4d061b9b7f84bc965e4def98b029fe6f115412b94b9ab4a18fd60a01fa94f4fd5dda40e85e36eea440eccb461afd6f0981b6d3a0
- SSDEEP: 196608:DNPoR21rvw0BdYYkZsS6JDPOz4ci30VuCLQuNIv78:Jo6v/zYxZsS4DPrf30VpUY
Behavioral tasks
- behavioral1: LG유플러스_이동통신_202208_이_선.html (resource: win7-20230220-en)
- behavioral2: LG유플러스_이동통신_202208_이_선.html (resource: win10v2004-20230220-en)
- behavioral3: LG유플러스_이동통신_202208_이_선.html.lnk (resource: win7-20230220-en)
- behavioral4: LG유플러스_이동통신_202208_이_선.html.lnk (resource: win10v2004-20230220-en)
- behavioral5: MAIL_20230125151802.chm (resource: win7-20230220-en)
- behavioral6: MAIL_20230125151802.chm (resource: win10v2004-20230221-en)
- behavioral7: Message.chm (resource: win7-20230220-en)
- behavioral8: Message.chm (resource: win10v2004-20230220-en)
- behavioral9: Message.chm (resource: win7-20230220-en)
- behavioral10: Message.chm (resource: win10v2004-20230220-en)
Malware Config
Extracted URLs:
- http://attiferstudio.com/install.bak/sony/4.html
- http://attiferstudio.com/install.bak/sony/3.html
- http://141.105.65.165/data/3.html
- http://attiferstudio.com/install.bak/sony/7.html
Targets

Target: LG유플러스_이동통신_202208_이_선.html
- Size: 365KB
- MD5: 697ddcc6db39f02d3b47a65ac3cade74
- SHA1: fd3c506e0365455121502b7fc0d94d0176a092ee
- SHA256: df713142e412eebe0347c2bd1ba980f2331fc02418be4f7185318c54acb9fea3
- SHA512: 6fed3fefe7ca6730aee4fca5feb1641ae6491f5d65f9e9b0d2532c3cf622c1d66b9a70f44d64b76776981b846e443f1ac6e871badde56760e682064bc93467e6
- SSDEEP: 6144:7tdb2jWwtY1HwYDeJG5KPLm8ee2lyvlxK5s8ZlWRm2Lqm9YnbY9oy:6viw3PJee2lkl2WNH9YE9oy
- Score: 1/10

Target: LG유플러스_이동통신_202208_이_선.html.lnk
- Size: 1KB
- MD5: eb7a6e3dc8bbc26f208c511ec7ee1d4c
- SHA1: b259d84f43f10a00edf1eca1c48610490e0aeb4c
- SHA256: 7c248e03cf87ea3d9a207b17925b7fd8998e9a0b462e601d178ff4c1cd9a1708
- SHA512: b583bf4cd0b31b9961a268cacd1d05c104886487960c03924c3ba07c33aa56743ed9c3d30bc0191c501db5214360612ae0c8721690001fc8a459c06609dc7227
- Score: 10/10
- Detections:
  - Blocklisted process makes network request
  - Checks computer location settings: looks up country code configured in the registry, likely geofence.

Target: MAIL_20230125151802.chm
- Size: 10KB
- MD5: 45bd3001517f5e913ddde83827f4cc29
- SHA1: 710a7d78c4bbca17d6cefce8c392e7d358c37a8d
- SHA256: c80fbab8c27cb9be91885a470377088d6639b95b85dfe5ae3c346e537b143a87
- SHA512: c2dcf7d3d6e1353fe6259e326517c07c2e168bc83c0847c293d15d2a0fcc0bbec31506de2347b45a6455465d88a27bde68179352c4473a8eac7ce63b3581bb75
- SSDEEP: 48:U5yGg202QRlEFlErlElZO5sD7GH6N6xWX3VGJtihAxkNzY94ApKSE7HWVMjUBxBD:U5y6khHq6UMl94A0AMjUBxBjR7UyEf0
- Score: 10/10
- Detections:
  - Blocklisted process makes network request

Target: Message.chm
- Size: 23KB
- MD5: a2a8094933150e18fb31f24b5e20643b
- SHA1: e4a2958358b33ad814828efeaa6295eb46510599
- SHA256: c529b6e0b012d8246f9f2720f72253d8d52a1a58f2ee3db32128b2a96c813b9a
- SHA512: 24b43e8452d0b0fc76cb60e6c99e2537c7038ab6808f48ce1578733f1b39e53cffd2a437338ecbcec43944b6331a08657918cb6cfdbaa89db6c2e85ebdf0a6c9
- SSDEEP: 384:2yOvnvzjch5duuyTvBLalWcOrFETyshkB+6tBUMk0zpU:2yOvnbwhv+v1rc4FE+shq+67ZpU
- Score: 10/10
- Detections:
  - Blocklisted process makes network request

Target: Message.chm
- Size: 32KB
- MD5: 0bf993c36aac528135749ec494f96e96
- SHA1: 2082df9f3c58fc1c5fc285c07f25e93e30665a74
- SHA256: 1830b84698851535c1029d10190e5d5518f90472102918a336222e9e9c7dba1b
- SHA512: ffac9634e01a2b74131780500c40881ed5092c87194296bbe6e579e8cab50ca663086a7fd66b5a6a4f1de6053d22068d485b78e0382ec893e3c4c983ff8a58ec
- SSDEEP: 768:BQJWnBJ1mYvGnYULEgbSF82B46DzDoEP4IiZx:BQJWnHGY8uZNzDoFIE
- Score: 10/10
- Detections:
  - Blocklisted process makes network request
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.