Sample Analysis of Kimsuky's Attacks - msc
Latest Research|December 24, 2024
An .msc file is a Microsoft Management Console (MMC) console file that stores the configuration and management tools used to manage systems, networks and other services. The malicious sample drops a forged document and opens it by executing a command line, and at the same time drops a PE file and encrypted data. The PE then decrypts and reads the data, constructs a VBS script from it, and executes that script. The whole flow is shown in the flowchart below:
When the file is clicked, it is opened in the Microsoft Management Console (MMC), which displays a prompt to click "Open 강연의뢰서.docx" (Speech Engagement Form.docx). This lures the user into clicking, which executes the embedded malicious code.
The embedded malicious code is shown below after de-obfuscation; its main purpose is to download the document and open it, the malicious sample and …
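For triaging a suspicious .msc file of the kind described above, the following added example (not code from the original article or from the sample) lists console tasks that run a command line and flags the traits the article mentions: a document-style click label and a command interpreter. The element and attribute names (`Task`, `CommandLine`, `Params`, `WindowState`, `String`) follow the usual MMC console XML layout and are assumptions, since the article does not show the file's contents; the sample input is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Assumed watch list of interpreters a console task rarely needs to launch.
INTERPRETERS = re.compile(r"\b(cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I)
DOC_LURE = re.compile(r"\.(docx?|pdf|hwp|xlsx?)\b", re.I)

def triage_msc(xml_text):
    """Return findings for command-line tasks defined in an .msc console file."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in console file")
    root = ET.fromstring(xml_text)
    # String-table entries carry text; task-level <String> elements only reference an ID.
    table = {s.get("ID"): s.text for s in root.iter("String") if s.text and s.text.strip()}
    findings = []
    for task in root.iter("Task"):
        if task.get("Type") != "CommandLine":
            continue
        cl = task.find("CommandLine")
        cmd = task.get("Command", "")
        params = cl.get("Params", "") if cl is not None else ""
        window = cl.get("WindowState", "") if cl is not None else ""
        labels = [table.get(s.get("ID"), "") for s in task.findall("String")]
        reasons = []
        if INTERPRETERS.search(f"{cmd} {params}"):
            reasons.append("runs a script or command interpreter")
        if window.lower() in ("minimized", "hidden"):
            reasons.append("window is minimized or hidden")
        if any(DOC_LURE.search(label) for label in labels):
            reasons.append("task label imitates a document name")
        if reasons:
            findings.append({"command": cmd, "params": params,
                             "labels": labels, "reasons": reasons})
    return findings

# Constructed sample: one lure-style task with a harmless command, one ordinary task.
SAMPLE = """<MMC_ConsoleFile ConsoleVersion="3.0"><ConsoleTaskpads><ConsoleTaskpad><Tasks>
  <Task Type="CommandLine" Command="cmd.exe"><String Name="Name" ID="5"/>
    <CommandLine Directory="" WindowState="Minimized" Params="/c echo constructed"/></Task>
  <Task Type="CommandLine" Command="eventvwr.msc"><String Name="Name" ID="6"/>
    <CommandLine Directory="" WindowState="Restored" Params=""/></Task>
</Tasks></ConsoleTaskpad></ConsoleTaskpads><StringTables><StringTable><Strings>
  <String ID="5" Refs="1">Open example.docx</String>
  <String ID="6" Refs="1">Event Viewer</String>
</Strings></StringTable></StringTables></MMC_ConsoleFile>"""

if __name__ == "__main__":
    for finding in triage_msc(SAMPLE):
        print(finding["command"], finding["params"], finding["reasons"])
```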