ASEC Weekly Malware Statistics (November 1st, 2021 – November 7th, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from November 1st, 2021 (Monday) to November 7th, 2021 (Sunday). For the main category, info-stealer ranked top with 51.8%, followed by Downloader with 22.7%, RAT (Remote Administration Tool) malware with 19.6%, Backdoor malware with 2.7%, and CoinMiner with 1.6%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that has taken first place once…

Analysis Report of Lazarus Group’s NukeSped Malware

AhnLab Security Emergency response Center (ASEC) reveals an analysis report of Lazarus group’s attacks found from around 2020 until recently. The malware discussed here is known as NukeSped, a backdoor type that can perform various malicious behaviors by receiving commands from the attacker. This report will show the analysis of the overall flow of attacks using NukeSped. It looks into the malware’s features starting from the confirmed distribution methods and then goes into details of each attack stage such as…

Malicious Excel File Using Macro Sheets Being Distributed in Korea (2)

The ASEC analysis team has found multiple distributions of malicious Excel files that use macro sheets (Excel 4.0 Macro) via phishing email. The use of macro sheets is a method commonly used by the distributor, and this method was also used in the distribution of malware such as SquirrelWaffle and Qakbot. Malware that uses macro sheets was mentioned in previous blog posts as well. The distribution is not that different from previous methods, but considering that the files in…

Malicious Word Files with External Links of Similar Domain Form

Most malicious Word files that have been discovered in attacks contained macros; however, the ASEC analysis team has discovered a case where an external link connecting to an active C2 was used in a superior attack process to execute the malicious Word macro. This method was introduced in a previous blog post and was often used in malicious Word documents with North Korea-related materials. Previous blog post: Malicious Word Documents with External Link of North Korea Related Materials. The execution…

ASEC Weekly Malware Statistics (October 25th, 2021 – October 31st, 2021)

The ASEC analysis team is using the ASEC automatic analysis system RAPIT to categorize and respond to known malware. This post will list weekly statistics collected from October 25th, 2021 (Monday) to October 31st, 2021 (Sunday). For the main category, info-stealer ranked top with 48.3%, followed by RAT (Remote Administration Tool) malware with 24.5%, Downloader with 18.3%, Backdoor malware with 4.6%, Ransomware with 4.1%, and Banking malware with 0.2%. Top 1 – BeamWinHTTP: BeamWinHTTP is a downloader malware that ranked first…