MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Kimsuky

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4
SHA3-384 hash:	f2cc06c0e43274b9a281a79a75100c6942f1cbc0bd337635dd6ef0eae389007d3a7976d1fda234fd3736cd1ea127b24f
SHA1 hash:	cf8555a2d9fc8081ba8c8e29f7905dd926655df1
MD5 hash:	ef8947d291107256cb5883ac3bc163d0
humanhash:	charlie-kansas-pennsylvania-missouri
File name:	강연의뢰서.msc
Download:	download sample
Signature	Kimsuky Create hunting rule
File size:	145'796 bytes
First seen:	2024-08-29 11:02:52 UTC
Last seen:	Never
File type:
MIME type:	text/xml
ssdeep	192:+PAHvjIn5we39BAqayNMWc/n9yaSISRyWpk/6HyoliI8RxkZkNxB9tdctjOUxs5D:xXeoq9MWcf9gi/SHMWW
TLSH	T1EAE38A720CC52FE5936B2450171EE72BAF4D2FAB417144A374ABB8612F686319B5EC3C
Magika	xml
Reporter	JAMESWT_WT
Tags:	apt Kimsuky MSC rem-zoom-meeting-kro-kr

Intelligence

File Origin

# of uploads :

# of downloads :

179

Origin country :

Vendor Threat Intelligence

Detection(s):

TwinWave.EvilMSC.OddLook.20240601.UNOFFICIAL

TwinWave.EvilMSC.OddLookLOLBIN.20240601.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66d17880fe69a9e56049efaf

Tags:

Execution Infostealer Network Generic

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4/

Threat name:

Win32.Backdoor.Kimsuky

Status:

Malicious

First seen:

2024-08-29 11:00:47 UTC

File Type:

Text (XML)

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qaulsggqntzwgxt6o7jjzmfemiwyz5hogceb7muxinpxgkh7ixsa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kimsuky

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8028b918d06cf3635e7e77d29cb0a4622d8cf4ee30881fb297435f7328ff45e4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample