Another Lazarus Injector
Recently, a VirusTotal submitter uploaded a file that was digitally signed with the same certificate as two previously reported Lazarus tools. Like one of those tools, this newly uploaded malware appears to act as an injector, although it behaves significantly differently.
This blog post offers a brief analysis of the features and purpose of this injection tool, and compares it with a previously identified injection tool whose behavior differs enough that it likely serves a different operational purpose.
Update 20 October, 2019: A small section towards the bottom of this post has been updated to reflect this malware’s strong resemblance to a file described in a US-CERT Report in late 2018. The file in that report served as an injector for the FASTCash AIX malware. Given this file’s similarity, it is highly likely that this file is intended to perform a similar function, but on a Windows environment.
MD5: 89081f2e14e9266de8c042629b764926
SHA1: 730c1b9e950932736fc4b02cbdb4e4e891485ac2
SHA256: 39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655
Curiously, …
IoC
39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655
730c1b9e950932736fc4b02cbdb4e4e891485ac2
89081f2e14e9266de8c042629b764926
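The three digests above are the only concrete indicators in this post, so the natural check is a hash sweep of a host or a sample share. The script below is an added example, not code from the original post; it takes the MD5, SHA1 and SHA256 listed in the IoC section, hashes every file under a directory in one pass, and reports which algorithm(s) matched. The `scan_tree` and `classify` helper names and the sample file content used in the test are my own choices.

```python
import hashlib
from pathlib import Path

# Digests of the signed injector sample, copied from the IoC section of the post.
LAZARUS_INJECTOR_IOCS = {
    "md5": "89081f2e14e9266de8c042629b764926",
    "sha1": "730c1b9e950932736fc4b02cbdb4e4e891485ac2",
    "sha256": "39cbad3b2aac6298537a85f0463453d54ab2660c913f4f35ba98fffeb0b15655",
}

ALGORITHMS = ("md5", "sha1", "sha256")


def digests(path, chunk_size=1 << 20):
    """Compute md5/sha1/sha256 of a file in one pass over its bytes.

    Returns a dict keyed by algorithm name with lowercase hex digests.
    Reading in chunks keeps memory flat for large samples.
    """
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(file_digests, iocs=LAZARUS_INJECTOR_IOCS):
    """Return the list of algorithms whose digest matches the IoC set.

    Comparison is case-insensitive so indicators pasted from reports with
    uppercase hex still match. An empty list means no hit.
    """
    hits = []
    for name in ALGORITHMS:
        observed = file_digests.get(name, "").lower()
        expected = iocs.get(name, "").lower()
        if observed and observed == expected:
            hits.append(name)
    return hits


def scan_tree(root, iocs=LAZARUS_INJECTOR_IOCS, require_sha256=True):
    """Walk `root` and return [(path, matched_algorithms)] for IoC hits.

    With require_sha256=True (the default), a file only counts as a hit if
    its SHA256 matches; an MD5- or SHA1-only match is still reported in the
    matched list when the SHA256 also matches, but on its own it is treated
    as a weak-hash collision and dropped. Unreadable files are skipped.
    """
    results = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            matched = classify(digests(path), iocs)
        except OSError:
            continue
        if not matched:
            continue
        if require_sha256 and "sha256" not in matched:
            continue
        results.append((str(path), matched))
    return results


if __name__ == "__main__":
    import sys

    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit_path, algos in scan_tree(root):
        print(f"{hit_path}: matched {', '.join(algos)}")
```

Run it as `python scan.py C:\path\to\suspect\dir`. The `require_sha256` default is deliberate: MD5 and SHA1 are present in the IoC list because reports still publish them, but a scanner that alerts on a weak-hash match alone can be fooled by a colliding file, so the SHA256 is the digest to trust.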