Browser Malware Created by North Korea's Lazarus - 11.js (2024.12.28)
2025-01-06 • Sakai
The source analyzes a Lazarus-linked browser stealer identified as 11.js and provides hashes for the sample. After deobfuscation, the JavaScript is described as collecting browser logs and user-configuration files, packaging stolen data into ZIP archives, uploading it to a remote server, and using system-command execution to download or run additional components such as python.exe or scripts. The report also notes cryptocurrency-related collection behavior, making the sample relevant to DPRK credential, browser-data, and virtual-asset theft tracking.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | ab754242fe28fa282a9169e47c3e127… | 2025-01-06 | 2025-01-06 |
| HASH | 538053824f395bf2fd879ebf4a32b99… | 2025-01-06 | 2025-01-06 |
| HASH | 36ebb732ac83309f65dd5f54dc75cce5 | 2025-01-06 | 2025-01-06 |
| IPv4 | 95.164.179.24 | 2025-01-06 | 2025-01-06 |