Malware Analysis of Kimsuky's Attacks - chm
Latest Research|January 2, 2025
A chm file is a Microsoft help file format, often used to store help documentation for a programme or an online help system. It compiles HTML pages, images, indexes, and other resources into a compressed file that is easy to view on the Windows operating system.
The malicious chm sample executes a malicious script through an htm page embedded in it. This sample uses the script command to execute the malicious vbs script in the same directory, then executes another vbs script, and finally downloads the core payload and executes it. The whole flowchart is shown below:
Unpacking the sample revealed that it contains some suspicious html and vbs scripts.
The script command exists in the 1.htm file and is set to click to run the script.
The relevant part parses as a URL statement, shown below after de-obfuscation:
hh.exe will execute the vbs sample, …
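For triage of files already unpacked from a suspicious chm, the following added example (not code from the original analysis) flags bundled scripts and htm pages that wire up a script command and click it. It assumes the "script command" is the HTML Help ActiveX `ShortCut` object commonly seen in such files, since the page does not show the markup; `triage_chm_members`, the class ID constant and all sample file contents are constructed for illustration.

```python
import re

# Assumption: class ID of the HTML Help ActiveX control (hhctrl.ocx); not from the page.
HHCTRL_CLSID = "52a2aaae-085d-4187-97ea-8c30db990436"
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")
PARAM_RE = re.compile(
    r"<param\s+name\s*=\s*[\"']?(\w+)[\"']?\s+value\s*=\s*([\"'])(.*?)\2", re.I | re.S)
CLICK_RE = re.compile(r"\.\s*click\s*\(", re.I)


def triage_chm_members(members):
    """members maps path -> text for files already unpacked from a chm.
    Returns a sorted list of (path, reason) findings."""
    findings = []
    for path, text in members.items():
        name = path.lower()
        if name.endswith(SCRIPT_EXTS):
            findings.append((path, "script file bundled in help archive"))
        if not name.endswith((".htm", ".html")):
            continue
        params = {n.lower(): v for n, _q, v in PARAM_RE.findall(text)}
        if HHCTRL_CLSID in text.lower():
            findings.append((path, "HTML Help ActiveX control embedded"))
        if params.get("command", "").lower() == "shortcut":
            findings.append((path, "ShortCut command: " + params.get("item1", "")))
        if any(ext in params.get("item1", "").lower() for ext in SCRIPT_EXTS):
            findings.append((path, "shortcut target references a script"))
        if CLICK_RE.search(text):
            findings.append((path, "page clicks an element from script"))
    return sorted(findings)


# Constructed sample input (placeholder names, not taken from the analysed sample).
SAMPLE = {
    "1.htm": """<html><body>
<object id="x" classid="clsid:52a2aaae-085d-4187-97ea-8c30db990436" width="1" height="1">
<param name="Command" value="ShortCut">
<param name="Item1" value=",PLACEHOLDER.exe,example.vbs">
</object>
<script>x.Click();</script></body></html>""",
    "index.htm": "<html><body><h1>Help</h1></body></html>",
    "example.vbs": "' constructed placeholder, no code",
}

if __name__ == "__main__":
    for path, reason in triage_chm_members(SAMPLE):
        print(f"{path}: {reason}")
```

A help archive that ships script files next to a page combining all three htm findings is worth escalating before anyone opens it with hh.exe.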
IoC
https://lfpa.website/pkg/qsuw.php?cgimo=34689 (disabled