North Korean Konni malware disguised as a virtual asset service provider anti-money-laundering supervision direction document - test.lnk (2025.2.28)
2025-03-06 • Sakai • Konni Malware Disguised as a Virtual Asset AML Supervision Document
The source analyzes test.lnk, a Konni-linked malware sample disguised as an HWP document about anti-money-laundering supervision for virtual asset service providers. The report lists the sample hashes and shows that the LNK contains embedded PowerShell rather than behaving like a normal shortcut. Its command-line logic searches for PowerShell on the system and runs obfuscated script content. The lure draws on cryptocurrency and regulatory themes while keeping a common Konni execution pattern.
Indicators of Compromise