Lazarus 위협 그룹의 Volgmer, Scout 악성코드 분석 보고서 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Ssh - T1021.004 Vnc - T1021.005 Graphical User Interface - T1061 Graphical User Interface |
Common Information
| Type | Value |
|---|---|
| UUID | 0c411a5d-0867-491d-a4c7-e0953476f6ed |
| Fingerprint | 463e1a0ddd083af9 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 4, 2023, 1:20 p.m. |
| Added to db | Oct. 22, 2023, 9:14 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Lazarus 위협 그룹의 Volgmer, Scout 악성코드 분석 보고서 |
| Title | Lazarus 위협 그룹의 Volgmer, Scout 악성코드 분석 보고서 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 42/2/127 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/57427/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 2 | pdm.bat |
|
| Details | File | 2 | hlrmenum.dll |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 2 | bnsvc.dll |
|
| Details | File | 312 | calc.exe |
|
| Details | File | 478 | lsass.exe |
|
| Details | File | 2 | logonhourss.dll |
|
| Details | File | 31 | generic.c4 |
|
| Details | File | 2 | lazardoor.c4 |
|
| Details | File | 7 | win32.dll |
|
| Details | File | 2 | civolmgmt.dll |
|
| Details | File | 2 | divolenum.dll |
|
| Details | File | 2 | fqrmsvc.dll |
|
| Details | File | 2 | bgmsecenum.dll |
|
| Details | File | 2 | xkupsvc.dll |
|
| Details | File | 2 | idefsrv.dll |
|
| Details | File | 2 | hssvc.dll |
|
| Details | File | 2 | sbiimgr.dll |
|
| Details | File | 2 | eqpkamgmt.dll |
|
| Details | File | 2 | irmons.dll |
|
| Details | File | 2 | exwtr.dll |
|
| Details | File | 2 | helpsvcs.dll |
|
| Details | File | 2 | olesvc.bin |
|
| Details | File | 2 | nwcworkstations.dll |
|
| Details | File | 2 | nlas.dll |
|
| Details | File | 2 | ddmgr.dll |
|
| Details | File | 2 | ntmgr.dll |
|
| Details | File | 2 | fhcmgr.dll |
|
| Details | File | 2 | xbmgr.dll |
|
| Details | File | 2 | hgiezmgmt.dll |
|
| Details | File | 2 | lrmons.dll |
|
| Details | File | 2 | tzmgr.dll |
|
| Details | File | 2 | bqmgr.dll |
|
| Details | File | 2 | fnsysn.dll |
|
| Details | File | 2 | exwtrsvc.exe |
|
| Details | File | 2 | fmsysm.exe |
|
| Details | File | 2 | comms.db |
|
| Details | File | 2 | gpklmgmt.dll |
|
| Details | File | 2 | oxmgmt.dll |
|
| Details | File | 2 | gokimgmt.dll |
|
| Details | File | 2 | tfbgmmgmt.dll |
|
| Details | File | 2 | comms.bin |
|
| Details | File | 2 | mib.cfg |
|
| Details | File | 13 | keys.dat |
|
| Details | File | 2 | wdsvc.dll |
|
| Details | File | 2 | mib.bin |
|
| Details | File | 2 | srservices.dll |
|
| Details | File | 2 | eppagent.bin |
|
| Details | File | 2 | usoshared.bin |
|
| Details | File | 2 | ose.bin |
|
| Details | File | 25 | event.dat |
|
| Details | File | 2 | wpnsvc.dll |
|
| Details | File | 2 | wagent.dat |
|
| Details | md5 | 2 | 8766fe8380b144907efa286a814c2241 |
|
| Details | md5 | 4 | 1ecd83ee7e4cfc8fed7ceb998e75b996 |
|
| Details | md5 | 3 | 35f9cfe5110471a82e330d904c97466a |
|
| Details | md5 | 3 | 5dd1ccc8fb2a5615bf5656721339efed |
|
| Details | md5 | 3 | 9a5fa5c5f3915b2297a1c379be9979f0 |
|
| Details | md5 | 3 | a545f548b09fdf61405f5cc07e4a7fa1 |
|
| Details | md5 | 3 | eb9db98914207815d763e2e5cfbe96b9 |
|
| Details | md5 | 3 | fe32303e69b201f9934248cc06b32ef8 |
|
| Details | md5 | 3 | 85b6e4ea8707149b48e41454cbd0d5ad |
|
| Details | md5 | 3 | 64965a88e819fb93dbabafc4e3ad7b6c |
|
| Details | md5 | 3 | 6da7d8aec65436e1350f1c0dfc4016b7 |
|
| Details | md5 | 3 | e3d03829cbec1a8cca56c6ae730ba9a8 |
|
| Details | md5 | 3 | 0171c4a0a53188fe6f9c3dfcc5722be6 |
|
| Details | md5 | 3 | 17eacf4b4ae2ca4b07672dcc12e4d66d |
|
| Details | md5 | 3 | 1e2acecce7b5e9045b07d65e9e8afe1f |
|
| Details | md5 | 3 | 226cc1f17c4625837b37b5976acbd68e |
|
| Details | md5 | 3 | 3e6119ebfacd1d88acbd2ca460c70b49 |
|
| Details | md5 | 3 | 4753679cef5162000233d69330208420 |
|
| Details | md5 | 3 | 5473fa2c5823fbab2b94e8d5c44bc7b4 |
|
| Details | md5 | 3 | 570a4253ae80ee8c2b6b23386e273f3a |
|
| Details | md5 | 3 | 5c87373eef090bed525b80aef398ee8a |
|
| Details | md5 | 3 | 693afaedf740492df2a09dfcc08a3dff |
|
| Details | md5 | 3 | 6e21cc6669ada41e48b369b64ec5f37b |
|
| Details | md5 | 3 | 72756e6ebb8274d9352d8d1e7e505906 |
|
| Details | md5 | 3 | 8b3ec4b9c7ad20af418e89ca6066a3ad |
|
| Details | md5 | 3 | 947124467bd04b7624d9b31e02b5ee7f |
|
| Details | md5 | 3 | 9a87f19609f28d7f7d76f9759864bd08 |
|
| Details | md5 | 3 | b1225fa644eebafba07f0f5e404bd4fd |
|
| Details | md5 | 3 | cf2ff5b59c638a06d8b81159b9a435ea |
|
| Details | md5 | 3 | d52b5d8c20964333f79ff1bce3385d0b |
|
| Details | md5 | 3 | e273803ae6724a714b970dd86ca1acd0 |
|
| Details | md5 | 3 | ea5d322648ff108b1c9cbdd1ef4a5959 |
|
| Details | md5 | 3 | 44fa8daa347ef5dd107bf123b4688797 |
|
| Details | md5 | 3 | 7f953c6988d829c9c4ac2002572c9055 |
|
| Details | md5 | 3 | c2ab2a8ffdc18c24080e889a634ef279 |
|
| Details | md5 | 3 | 05bb1d8b7e62f4305d97042f07c64679 |
|
| Details | md5 | 3 | 0b78347acf76d4bb66212bf9a41b9fb9 |
|
| Details | md5 | 3 | 0ed86587124f08325cd8f3d3d2556292 |
|
| Details | md5 | 3 | 35943aa640e122fcb127b2bfd6e29816 |
|
| Details | md5 | 3 | 394b05394ebb9b239a063a6b5839edb9 |
|
| Details | md5 | 3 | 5496adcd712d4378950ba62ad4c2423b |
|
| Details | md5 | 3 | 64cac69ab1e9108e0035f9ce38b47db7 |
|
| Details | md5 | 3 | 695e5b8dc9615ec603fe2cbb7326a50f |
|
| Details | md5 | 3 | c07e04d388fb394ac190aace51c03c33 |
|
| Details | md5 | 3 | c41eb1ea59fab31147c5b107cc1c5a51 |
|
| Details | md5 | 3 | cc5a8a15d5808002e62d5daf2d4f31b3 |
|
| Details | md5 | 3 | 0b746394c9d23654577f4c0f2a39a543 |
|
| Details | md5 | 3 | 225cdc9b452b6d5a3f7616dcc9333d7d |
|
| Details | md5 | 3 | 43f218d3a4b2199468b00a0b43f51c79 |
|
| Details | md5 | 3 | 4b1f1db4f169ca6b57015b313d665045 |
|
| Details | md5 | 3 | 80d34f9ca10b0e8b49c02139e4615b7a |
|
| Details | md5 | 3 | 855e26d530e69ddc77bb19561fb19d90 |
|
| Details | md5 | 3 | 9ec3a4257564658f651896abc608680e |
|
| Details | md5 | 3 | a76624578ed42cceba81c76660977562 |
|
| Details | md5 | 3 | b517e7ad07d1182feb4b8f61549ff233 |
|
| Details | md5 | 3 | fa868a38ceeb46ee9cf8bd441a67ae27 |
|
| Details | md5 | 3 | 1f1a3fe0a31bd0b17bc63967de0ccc29 |
|
| Details | md5 | 3 | fa3e49c877a95f37fd25dbd62f9e274c |
|
| Details | md5 | 3 | 202a7eec39951e1c0b1c9d0a2e24a4c4 |
|
| Details | md5 | 3 | b457e8e9d92a1b31a4e2197037711783 |
|
| Details | md5 | 3 | 8543667917a318001d0e331aeae3fb9b |
|
| Details | md5 | 3 | c16a6178a4910c6f3263a01929f306b9 |
|
| Details | md5 | 3 | 1c89fb4aee20020bfd75713264df97cd |
|
| Details | md5 | 3 | 76f02ab112b8e077544d0c0a6e0c428a |
|
| Details | md5 | 3 | 7ba37d662f19bef27c3da2fd2cee0e3a |
|
| Details | md5 | 3 | 7f0e773397808b4328ad11d6948a683f |
|
| Details | md5 | 3 | bf5d815597018fe7f3dfb52d4f7e1f65 |
|
| Details | sha1 | 2 | 8f919e6d8970faede0b10cfd5f82da53a83ca34d |
|
| Details | Pdb | 2 | engine.pdb |
|
| Details | Windows Registry Key | 5 | HKLM\SYSTEM\CurrentControlSet\Control\WMI\Security |
|
| Details | Windows Registry Key | 8 | HKLM\SYSTEM\CurrentControlSet\Control\Lsa |
|
| Details | Windows Registry Key | 33 | HKLM\SYSTEM\CurrentControlSet\Services |
|
| Details | Windows Registry Key | 164 | HKLM\SOFTWARE\Microsoft\Windows |