Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
Common Information
Type Value
UUID 3d063412-f35f-4a78-8766-e1bb8ed068e1
Fingerprint d992291f4d66e278
Analysis status DONE
Considered CTI value 2
Text language
Published July 9, 2021, 2:50 a.m.
Added to db Sept. 11, 2022, 12:35 p.m.
Last updated Dec. 21, 2024, 4:49 a.m.
Headline Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
Title Analysis of Lazarus malware abusing Non-ActiveX Module in South Korea
Detected Hints/Tags/Attributes 21/2/19
Attributes
Details Type #Events CTI Value
Details Domain 2
grandgolf.co.kr
Details Domain 1
www.namchuncheon.co.kr
Details Domain 1
www.kdone.co.kr
Details File 2
compareplus.dll
Details File 21
scskapplink.dll
Details File 1
c:\programdata\scskapplink.dll
Details File 11
inisafecrosswebexsvc.exe
Details File 1
c:\program files\initech\inisafe web ex client\inisafecrosswebexsvc.exe
Details File 2
comp.exe
Details File 1
c:\windows\system32\comp.exe
Details File 1
facilities_01_06.asp
Details File 1
nppastyle.dll
Details File 1
search_left.asp
Details File 1
emailutil.asp