MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Kimsuky


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89
SHA3-384 hash: c630b0ace55ff3733a162ac02bf1d2a070be631560795422d997506d96df5c9bfb65fda4a774bcdb8bf0ce3ee44f40d3
SHA1 hash: d4fa57f9c9e35222a8cacddc79055c1d76907fb9
MD5 hash: f35b05779e9538cec363ca37ab38e287
humanhash: lake-beer-princess-stream
File name:HF.chm
Download: download sample
Signature Kimsuky
Create hunting rule
File size:627'590 bytes
First seen:2024-03-21 14:40:51 UTC
Last seen:Never
File type:
MIME type:application/octet-stream
ssdeep 12288:3B/CHrbu5jcBSv7bfJwgOXm4mOpJh+IVM9T+MfOLGYXiqMPZl:3Wri5jcBSjTJwgO2uJASM9TDenXiff
TLSH T170D42325D4506C8DF1DA00379BE02D999BDCB8B947FC74A144FA388601BA7E93CE9736
Reporter smica83
Tags:apt chm Kimsuky

Intelligence

File Origin
# of uploads :
1
# of downloads :
200
Origin country :
HU HU
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.HTML.Exploit-3.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.PkillCHMSlick.20220815.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malicious
File Type:
CHM File - Malicious
Link:
https://app.docguard.net/da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89/results/dashboard
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/65fc46fff074ad892e590cea/reports/5425c6b5-0906-4eb7-940a-ce190009b9fb/overview
Verdict:
Malicious
Labled as:
Downloader/CHM.Generic
Link:
https://www.hybrid-analysis.com/sample/da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89
Score:
35%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-11-14 19:11:39 UTC
File Type:
Binary (Archive)
Extracted files:
18
AV detection:
14 of 38 (36.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3j465iizrinbbyx72uh5sskscyznr4ss7mnk3nl2iuqyjavz7weq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/240321-va38kseb8v/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Enumerates processes with tasklist
Gathers system information
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Blocklisted process makes network request
Process spawned unexpected child process
Malware Config
Dropper Extraction:
https://niscarea.com
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/da79eea1198a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/da79eea1198a1a10e2ffd50fd949521632d8f252fb1aadb57a45218482b9fd89

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.rapid7.com/blog/post/2024/03/20/the-updated-apt-playbook-tales-from-the-kimsuky-threat-actor-group/

Comments