Analyzing spear-phishing campaign by Konni APT
Contents
- Introduction.
- Overview.
- Technical Analysis.
- Analyzing LNK file.
- Analysis of PS1 file.
- Analysis of ZIP file.
- Analysis of 26545.tmp
- Analysis of AN9385.tmp
- IOCs
- Conclusion
Introduction
Hello everyone. In this post I analyze a campaign suspected to be the work of the Konni APT group. In my earlier study of Kimsuky I came across de-obfuscation techniques that look similar to the ones used in this set of samples, which gives me more confidence in that attribution. In this post I will discuss these techniques in more detail.
The malware sample analyzed here was shared in this post. I will break down its execution flow, how it operates, and its inner workings in depth. Stay tuned for a deep dive into its behaviour and techniques!
Overview
In this campaign the malware gains its initial foothold through a malicious LNK file. The LNK file carries the first-stage malicious code in an unreserved section of the file, outside the structures the shortcut format defines. Afterward, the file downloads …
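To locate that unreserved section in practice you walk every structure the shortcut format defines (ShellLinkHeader, LinkTargetIDList, LinkInfo, StringData and the ExtraData blocks) and treat whatever follows the terminal ExtraData block as overlay. The parser below is an added example, not code from the original post or from the analyzed sample; it follows the MS-SHLLINK layout and assumes, as the overview implies, that "unreserved section" means bytes appended past the last defined block. The LNK it parses by default is constructed inline for the example (the command line, the ItemID bytes and the overlay text are made up), so it runs offline; pass a path to parse a real file.

```python
import struct

# LinkFlags bits from the MS-SHLLINK specification (ShellLinkHeader.LinkFlags).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# LinkCLSID {00021401-0000-0000-C000-000000000046} in its on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Constructed overlay for the sample file (not from a real LNK).
SAMPLE_OVERLAY = b"CONSTRUCTED OVERLAY: second-stage bytes would be stored here"


def parse_lnk(data: bytes) -> dict:
    """Walk every structure the LNK format defines and return the bytes left over."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a ShellLink header")
    if data[4:20] != LNK_CLSID:
        raise ValueError("unexpected LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76  # fixed-size ShellLinkHeader

    # LinkTargetIDList: 2-byte IDListSize followed by that many bytes.
    if flags & HAS_LINK_TARGET_ID_LIST:
        pos += 2 + struct.unpack_from("<H", data, pos)[0]

    # LinkInfo: 4-byte LinkInfoSize that already includes the size field.
    if flags & HAS_LINK_INFO:
        pos += struct.unpack_from("<I", data, pos)[0]

    # StringData: for each present string, a 2-byte character count then the
    # characters (UTF-16LE when IsUnicode is set, otherwise single-byte ANSI).
    width = 2 if flags & IS_UNICODE else 1
    strings = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            raw = data[pos:pos + count * width]
            pos += count * width
            strings[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")

    # ExtraData: blocks that each start with a 4-byte BlockSize (including itself)
    # and a 4-byte signature; a BlockSize below 4 is the terminal block.
    extra_blocks = []
    while pos + 4 <= len(data):
        size = struct.unpack_from("<I", data, pos)[0]
        if size < 4:
            pos += 4  # consume the terminal block
            break
        sig = struct.unpack_from("<I", data, pos + 4)[0] if size >= 8 else None
        extra_blocks.append((sig, size))
        pos += size

    return {
        "flags": flags,
        "strings": strings,
        "extra_blocks": extra_blocks,
        "end_of_structures": pos,
        "overlay": data[pos:],  # everything Windows never needs to render or run the shortcut
    }


def build_sample_lnk() -> bytes:
    """Construct a minimal LNK with a trailing overlay (test data, not a real sample)."""
    flags = HAS_LINK_TARGET_ID_LIST | HAS_NAME | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (76 - len(header))  # attributes, timestamps, size, icon, show, hotkey, reserved

    # One 6-byte ItemID (made-up bytes) followed by the 2-byte TerminalID.
    id_list = struct.pack("<H", 6) + b"\x1f\x50\xe0\x4f" + b"\x00\x00"
    id_list = struct.pack("<H", len(id_list)) + id_list

    def string_data(s: str) -> bytes:
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    strings = string_data("Invoice") + string_data("/c powershell -w hidden -ep bypass")
    # One ExtraData block (size 12, made-up signature, 4 payload bytes) then the terminal block.
    extra = struct.pack("<II", 12, 0xA0000009) + b"\x00" * 4 + struct.pack("<I", 0)
    return header + id_list + strings + extra + SAMPLE_OVERLAY


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_lnk()
    r = parse_lnk(data)
    print(f"flags=0x{r['flags']:08x} strings={r['strings']}")
    print(f"defined structures end at offset {r['end_of_structures']}; "
          f"overlay is {len(r['overlay'])} bytes")
    print(r["overlay"][:64])
```

Explorer stops reading at the terminal ExtraData block, so an overlay never changes how the shortcut looks or launches, which is what makes it a convenient place to stash a payload. When triaging a suspicious LNK, compare the offset where the defined structures end against the file size, and read the command line in `arguments` with that offset in mind: a launcher that references its own path and seeks to a fixed position is the usual tell.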
IOCs
- URL: http://64.20.59.148
- IP: 64.20.59.148
- SHA-256: 6fb3dfe451b37b0304a42e62759bf3670d5b4dd0232621dac0739061fa4704e2
- SHA-256: 9ce42177bafe552495b8329726bb4acfcb5f9e886377a2e76fb901fa01ae407c
- SHA-256: ec78b61a5f54805bbdffd69d57ce76db41d1adbb85c544688769eacf29d928cb
- SHA-256: 1a61340179c811b17c332452cfd1d7277d615697a6993ca870834b91e7070975
- SHA-256: a1376496406895a00d9009b36a6e1073553f3198502a71d33d7438e68914261a