Tracking Traces of Malware Disguised as Hancom Office Document File and Being Distributed (RedEyes)
AhnLab Security Emergency response Center (ASEC) has confirmed the distribution of malware disguised as a Hancom Office document file. The file being distributed is named “Who and What Threatens the World (Column).exe”: it is a Windows executable whose icon mimics that of Hancom Office, so that a user who does not see the .exe extension takes it for a document. Decompressing the archive it arrives in reveals a relatively large file of 36,466,238 bytes. AhnLab Endpoint Detection and Response (EDR) detects this attack technique through its trace data, which gives analysts the information needed to investigate the related breach.
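The disguise described above (a PE executable carrying a document icon and a document-like file name) can be triaged without running the sample. The following Python helper is an added example, not ASEC's tooling or part of the original post: it checks that a file is a PE image, hashes it against the post's published MD5, and applies an assumed naming heuristic for document lures (title-like stems with a parenthesised qualifier, or a document extension hidden in front of the real one). The size threshold and the lure heuristic are assumptions chosen for this example; the only page-derived value is the IoC hash. The test blob is constructed in the script so it runs offline.

```python
"""Triage helper for executables that masquerade as Hancom Office documents.

Added illustration, not ASEC's code. The only value taken from the post is
the MD5 in its IoC list; the lure heuristics and size threshold are assumed.
"""
import hashlib
import re
import struct

# MD5 published in the ASEC post's IoC list.
KNOWN_BAD_MD5 = {"93fc0fb9b87a00b38f18c1cc4ee02e50"}

# Assumed threshold: the sample is 36,466,238 bytes, which the post calls
# "relatively large" for a document-lure executable.
LARGE_SIZE_BYTES = 30 * 1024 * 1024

EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
DOCUMENT_EXTS = (".hwp", ".hwpx", ".doc", ".docx", ".pdf")


def is_pe(data: bytes) -> bool:
    """True if the bytes start with a DOS 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def md5_hex(data: bytes) -> str:
    """MD5 of the file contents, the hash form used in the post's IoC list."""
    return hashlib.md5(data).hexdigest()


def looks_like_document_lure(filename: str) -> bool:
    """Assumed heuristic (not from the post): an executable whose name reads like a
    document title, or that hides a document extension before the real one."""
    lower = filename.lower()
    if not lower.endswith(EXECUTABLE_EXTS):
        return False
    stem = lower.rsplit(".", 1)[0]
    if stem.endswith(DOCUMENT_EXTS):  # e.g. report.hwp.exe
        return True
    # Title-like stem: contains whitespace and a parenthesised qualifier such as "(Column)".
    return bool(re.search(r"\s", stem)) and "(" in stem and ")" in stem


def triage(filename: str, data: bytes, known_bad=KNOWN_BAD_MD5) -> dict:
    """Combine the hash match, PE check, naming heuristic and size flag into one verdict."""
    digest = md5_hex(data)
    return {
        "md5": digest,
        "matches_ioc": digest in known_bad,
        "is_pe": is_pe(data),
        "document_lure": looks_like_document_lure(filename),
        "large": len(data) >= LARGE_SIZE_BYTES,
    }


def build_fake_pe(payload: bytes = b"") -> bytes:
    """Constructed minimal PE-shaped blob for offline testing: MZ stub, e_lfanew=0x40, PE signature."""
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + payload


if __name__ == "__main__":
    sample_name = "Who and What Threatens the World (Column).exe"
    sample = build_fake_pe(b"\x00" * 64)  # constructed stand-in, not the real sample
    print(triage(sample_name, sample))
```

On a real host you would read the suspect file's bytes in place of the constructed blob; a hit on "matches_ioc" is conclusive, while "document_lure" on an "is_pe" file is only a reason to pull the EDR trace for that process.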
Figure 1 depicts the icon of the malware and its overall execution. It provides a visual representation of which processes are used when the malware is executed.
Figures 2 and 3 show the trace data of key behaviors within the overall flow of the malware. In Figure 2, a trace can be observed of …
IoC
93fc0fb9b87a00b38f18c1cc4ee02e50
http://ingarchi.com/bbs/data/culture
http://ingarchi.com/bbs/data/culture/getcfg.php