Recent Keylogger Attributed to North Korean Group Andariel Analyzed Through A Hybrid Analysis Perspective
Author: Vlad Pasca
- A technical deep dive into the new North Korean keylogger from a Hybrid Analysis perspective
- The keylogger incorporates junk code to hinder analysis and logs keystrokes and mouse activity, storing the data in a password-protected, encrypted archive
- The malware has been associated with a North Korean group targeting U.S. organizations
A new keylogger, attributed to the North Korean group Andariel (also known as APT45, Silent Chollima, or Onyx Sleet), has recently been disclosed and linked to targeted attacks against U.S. organizations. Using Hybrid Analysis, we reveal some of the malware’s capabilities, including its ability to capture sensitive information by logging keystrokes and mouse activity. Additionally, we take a deep dive into the keylogger’s anti-analysis techniques, such as code obfuscation through the use of junk code, implemented in an effort to hinder analysis.
A Hybrid Analysis Perspective
Right at the top of the Hybrid Analysis report, the “Risk Assessment” section reveals …
IoC
d71f478b1d5b8e489f5daafda99ad203de356095278c216a421694517826b79a