Overview

overview

8

Static

static

3

Kang Min-c... 2.doc

windows7-x64

4

Kang Min-c... 2.doc

windows10-2004-x64

1

Kang Min-c... 2.lnk

windows7-x64

8

Kang Min-c... 2.lnk

windows10-2004-x64

8

backdoor.exe

windows7-x64

1

backdoor.exe

windows10-2004-x64

1

Resubmissions

15/05/2023, 08:56

230515-kv1yvahh6x 8

26/04/2022, 12:32

220426-pq1jqsgcgn 8

Sharing

Copy URL Twitter E-mail

General

  • Target

    Archive.zip

  • Size

    1.8MB

  • Sample

    230515-kv1yvahh6x

  • MD5

    13aaa52cab1cfaf44812756de9e7f89b

  • SHA1

    7f2387c6a4009c7cd179459347f9bd2cda1a22ed

  • SHA256

    539ef744066a46293e1ffa3ecc5015be6c2c7d622d176b18916f06b365597e46

  • SHA512

    b5a0700026980dbe7bfbcc809af79ff57339e89605cb7cb9884466ec83c5e74ca42637b0a516c902cb93c2b3fff02d60c8f3db3d34eccfed78d51e18c0248451

  • SSDEEP

    49152:O1yZbBwzUd/umVK4xhHnyTAnzNyTX4WxHf2ILG:OlUdxVK47nyIzNs4ks

Score
8/10

Malware Config

Targets

    • Target

      Kang Min-chol Edits 2.doc

    • Size

      525KB

    • MD5

      3f209fa947acfa93d67d40de9fa32fb2

    • SHA1

      68c3974f4e089736e4263e4368daa53e419471bc

    • SHA256

      94ca32c0a3002574d7ea1bef094146a9d3b2ad0018b3e3d3f4ffca8689b89e5a

    • SHA512

      0b30c69ed47817e8c6890b5d83011020fbc919b9fb52de116c4920b84cfa2c667e855ca30afc78e99ecc1ad4990cc681d05c7c933c0c91489932b03d62d23ca8

    • SSDEEP

      6144:luqgL6dMo3LzAxwPezulhJmHkYnPs/Zx5+3tg1pQZJo3b8VihA/wwH88xinXHdaX:lzitxwPX/5hOor8VihA/wwc8xiXHk

    Score
    4/10
    behavioral1behavioral2

    • Target

      Kang Min-chol Edits 2.lnk

    • Size

      269.6MB

    • MD5

      99fb399c9b121ef6e60e9bdff8b324b2

    • SHA1

      ea0609fbf3bf0cfb2acea989126d8caafe5350ec

    • SHA256

      120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5

    • SHA512

      5f44ea1d7ad196c9f54371f7a176da2a0be0499b4acac3f2ac3bd99a517f045e086ae066d2fa7239f23ece2ea2cf115c2ecd8bdc973200fea78b6f0ca39c3a6f

    • SSDEEP

      6144:BGuqgL6dMo3LzAxwPezulhJmHkYnPs/Zx5+3tg1pQZJo3b8VihA/wwH88xinXHdk:BGzitxwPX/5hOor8VihA/wwc8xiXHkV

    Score
    8/10

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral3behavioral4

    • Target

      backdoor.exe

    • Size

      1.1MB

    • MD5

      8a7ed15dfd5e385b3913129c372cc026

    • SHA1

      ff172a51c13c1a3be7f2c8b1e9352492e2ee01d6

    • SHA256

      485246b411ef5ea9e903397a5490d106946a8323aaf79e6041bdf94763a0c028

    • SHA512

      9f8621babba1917e4907d563f068a39c9db64f908e9e6083a9c8520558090117fdc6159e5af38f44524bdc2eecf4d4e6b9e2bba3053e190322aee18642ffd9a4

    • SSDEEP

      24576:2QLVx+nSmMsWO1ANzhNJutjOuXLmDbbRfh3qacMWOEjzDHLPOCTYZMS98kx9:2u0nSmM9O14hNJWXqPxhSpOELLPOCTMV

    Score
    1/10
    behavioral5behavioral6

MITRE ATT&CK Enterprise v6

Tasks