Wednesday, June 19, 2013

South Korea Incident - Analysis of a tiny Downloader

In this short Blogpost I am going to dissect a Downloader which is part of the ongoing "1Mission" campaign against targets in South Korea (thanks Chae Jong Bin for pointing me at). The Downloader comes in the form of a DLL and has the small size of 4 KB. What remains unknown is the way the DLL gets executed (through exploit/loader/...). Except its small size there isn't anything special about this malware. Unfortunately the file it wanted to download isn't available anymore, so there is no chance to dig deeper...

DLL sample
Size: 4.096 Bytes
Timestamp: 2013-05-30 03:54:37
MD5: 17e3e09c27d26c81c9f33882279d6319
SHA1: c467f59cddba2d029044f6f2b22b6b2123b341b6