Case of Larva-25004 Group (Related to Kimsuky) Exploiting Additional Certificate - Malware Signed with Nexaweb Certificate
AhnLab SEcurity intelligence Center (ASEC) discovered malware signed with the certificate of Nexaweb Inc. while investigating a file with the same characteristics as the one signed with a Korean company’s certificate. Other security companies have reported these malware samples in connection with the activities of the Kimsuky group.
AhnLab is tracking them under the name Larva-25004.
Malware Signed with the Nexaweb Certificate
Two files were discovered, and their MD5 hash values are as follows:
Job Description (LM HR Division II).pdf.scr : 73d2899aade924476e58addf26254c2e
Known as Automation Manager JD(LM HR II).scr: aa8936431f7bc0fabb0b9efb6ea153f9
These files were signed with the Nexaweb certificate (Serial number: 0315e137a6e2d658f07af454c63a0af2) on May 24 and 28, 2024.
When the malware is executed, it displays an employment-related PDF file as bait.
The exact target is unknown, but considering that the document is bait, it is likely to be intended for …
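A triage check built from the indicators in this report, as an added example that is not ASEC's code: it matches the two MD5 values, looks for the certificate serial as a DER INTEGER inside a PE file's certificate table, and flags a document extension followed by `.scr`. The extension list goes beyond the single `.pdf.scr` name in the report and is an assumption, as is `constructed_pe`, a synthetic header used only as sample input.

```python
import hashlib
import struct

# Indicators taken from the report above.
CERT_SERIAL = bytes.fromhex("0315e137a6e2d658f07af454c63a0af2")
KNOWN_MD5 = {"73d2899aade924476e58addf26254c2e",
             "aa8936431f7bc0fabb0b9efb6ea153f9"}
DOC_EXTS = (".pdf", ".doc", ".docx", ".hwp")  # assumed bait extensions

def authenticode_blob(data: bytes) -> bytes:
    """Return the PE certificate table (WIN_CERTIFICATE entries), or b''."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return b""
    pe = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 26:
        return b""
    opt = pe + 24                                      # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + {0x10B: 96, 0x20B: 112}.get(magic, 0)  # PE32 / PE32+
    if dirs == opt or len(data) < dirs + 40:
        return b""
    # Data directory 4 (security) holds a raw file offset, not an RVA.
    off, size = struct.unpack_from("<II", data, dirs + 4 * 8)
    return data[off:off + size] if off and size else b""

def triage(name: str, data: bytes) -> list:
    """Return the report-derived indicators this file matches."""
    hits = []
    if hashlib.md5(data).hexdigest() in KNOWN_MD5:
        hits.append("known-md5")
    # DER INTEGER: tag 0x02, length 0x10, then the 16 serial bytes.
    if b"\x02\x10" + CERT_SERIAL in authenticode_blob(data):
        hits.append("cert-serial")
    stem, _, ext = name.lower().rpartition(".")
    if ext == "scr" and stem.endswith(DOC_EXTS):
        hits.append("double-ext-scr")
    return hits

def constructed_pe(cert: bytes) -> bytes:
    """Constructed minimal PE32 header plus a certificate table (test input)."""
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x10B)
    struct.pack_into("<II", hdr, 0x80 + 24 + 96 + 32, len(hdr), len(cert))
    return bytes(hdr) + cert
```

A `cert-serial` hit alone also fires on any other file signed with the same certificate, so treat it as a lead to combine with the other hits and confirm with a full signature check.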
IoC
0315e137a6e2d658f07af454c63a0af2
28ce4d33e7994c2be95816eea5773ed1
aa8936431f7bc0fabb0b9efb6ea153f9
73d2899aade924476e58addf26254c2e