lazarusholic

Everyday is lazarus.dayβ

Unpacking APT38: Static and Dynamic Analysis of Lazarus Group Malware

2025-04-13, DionAlexander
https://medium.com/@InfoSecDion/unpacking-apt38-static-and-dynamic-analysis-of-lazarus-group-malware-d2828e0fd6f0
#APT38

Contents

In my APT38 malware analysis, I employ tools like ANY.RUN and Hybrid Analysis for dynamic testing, and explore static features such as hashes and PE information. I also analyze PCAP files to track DNS queries, HTTP requests, and C2 communications, capturing the malware’s key behaviors and indicators of compromise.
Table of Contents
1. Introduction
- Malware Overview & Purpose
- How It Was Obtained
- About Lazarus Group
2. Static Analysis
- File Properties (Hashes, PE Info)
- Packing Detection & Extracted Strings
3. Dynamic Analysis
- Sandbox Results (ANY.RUN, Hybrid Analysis)
- Process Creation & API Calls
- Registry Modifications
4. Network Analysis (From PCAP File)
- DNS Queries & HTTP Requests
- C2 Communication & Exfiltration
- Indicators of Compromise (IOCs)
5. Behavior Analysis
- Detection
- MITRE ATT&CK Tactics and Techniques
- File System Action
6. Remediation & Mitigation Steps
7. Conclusion
8. Final Recommendation
1. Introduction
Malware Overview & Purpose
Malware Name: 875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24.exe
Target System: Windows (64-bit)
The Lazarus Group primarily targets Windows systems due to their …

IoC

http://www.addfriend.kr/board/userfiles/temp/index.html
211.239.117.117
875B0CBAD25E04A255B13F86BA361B58453B6F3C5CC11ACA2DB573C656E64E24
875b0cbad25e04a255b13f86ba361b58453b6f3c5cc11aca2db573c656e64e24
15DC6A28B875B4706BCC0DB4A026AEB0