Analysis of Dridex Malware Distribution Method Armed with Bypass Detection

Dridex, also known as Cridex and Bugat, is a typical info-stealing malware that steals financial information. It is distributed on a massive scale by cybercrime organizations and mainly uses macros within Microsoft Office Word or Excel document files attached to spam emails. The most noticeable characteristic of Dridex is that it is modularized into separate files by feature, such as downloader, loader, and botnet. As such, there have been cases of ransomware such as DoppelPaymer or…

Distribution of Malicious Word Document Disguised as a Military Security Monthly Magazine (April 2021)

On March 29th, the ASEC analysis team introduced malicious Word documents containing North Korea-related materials. Upon opening the file, it connects to the ‘External URL’ written within the XML and downloads additional files. Recently the team found that malicious Word documents using the same method, disguised as a military security monthly magazine (April 2021), are currently being distributed. The file names are as follows: MonthlyKIMA2021_AprilMilitarySecurity0330.docx, MonthlyKIMA2021_AprilMilitarySecurity0331.docx. The document file is protected, and upon unlocking the…

Malicious Word File Disguised as Compensation Request Form (External Connection + VBA Macro)

With malicious document files being distributed in various formats such as HWP, DOC, XLSX, and PDF, it is safe to say that document-based malware has become a new trend among attackers. Following this trend, the ASEC analysis team has been publishing various articles with related information on our blog. Today, the ASEC analysis team will share information on a newly found malicious Word document file. This malicious Word document file takes the form of a ‘Compensation Request…

Malicious Word Documents with External Link of North Korea Related Materials

Previously, the ASEC analysis team introduced various types of document-based malware. Among them, malicious documents with North Korea-related materials were generally produced in the HWP file format. You can check the relevant information in previous ASEC blog posts. Today, DOC (Word) documents containing North Korea-related materials collected by the ASEC analysis team will be partially introduced. These documents are assumed to be distributed via email, and they had the following content. Upon opening, the document connects to an ‘External URL’…

Caution! Magniber Ransomware Being Distributed in Korea Using CVE-2021-26411 Vulnerability

The distributor of Magniber ransomware has continued to evolve to avoid V3’s detection. It goes without saying that subscribers of the ASEC Blog are well aware that AhnLab has been fighting the developers of Magniber ransomware for a long time, and that the history almost resembles a cat-and-mouse chase. This time, the distributor of Magniber waited for AhnLab’s anniversary day (March 15th), which is also a traditional holiday for AhnLab. On this day, the distributor swiftly…