Decryptor to celebrate Lunar New Year (Present From Kimsuky?!?!)

2020-01-23 kino

https://sfkino.tistory.com/77

This Korean-language malware analysis links a Lunar New Year-themed sample to activity resembling an earlier lure, a Vietnamese event estimate document, that has appeared in Kimsuky reporting. The executable carries a PDF decoy rather than an HWP document, drops and runs a malicious DLL, and uses encrypted strings that the author decodes with an IDA script. The analysis highlights a backdoor communicating with happy-new-year.esy.es and publishes representative hashes for the dropper and related payloads. The entry is useful for tracking repeated lure formats, DLL-dropping behavior, string encryption, and infrastructure reuse around Kimsuky-attributed activity; the attribution should be read with the author's own cautious framing (note the question marks in the title) and not extended beyond it.

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  c315de8ac15b51163a3bc075063a58aa   2020-01-23  2020-06-25
HASH  da799d16aed24cf4f8ec62d5048afd1a   2020-01-23  2020-02-06
HASH  6f715eb6815e9a44bf9a48d89c1b92f…   2020-01-23  2020-01-23
HASH  5fdc8906a03ffd214e09816fdc58059a   2020-01-23  2020-01-23
HASH  c618645233b311e18e13322ffebec26…   2020-01-23  2020-01-23
HASH  de700699e8185497a82bb121fcc4cc6…   2020-01-23  2020-01-23
HASH  f7e04d06690cc6c2fa699c70b9f95ac…   2020-01-23  2020-01-23
HASH  6d870937675b98355747ecfdf4768b2…   2020-01-23  2020-01-23
HASH  e2487b33a6510d6f51b8aa158a36c6c…   2020-01-23  2020-01-23
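As an added example that is not part of the source post or of this corpus entry, the following Python sweeps sample inputs against the indicators above. It parses the hash table, treating the values the entry displays with a trailing … as prefixes that can only yield tentative hits, computes MD5, SHA-1 and SHA-256 of a file's bytes because the entry does not state which algorithm its hashes use (the 32-character values are MD5-length), and scans DNS log lines for queries to the C2 domain, matching subdomains but not look-alike names. The log lines and the sample file bytes are constructed for the demonstration; none of them match the page's real indicators.

```python
"""IOC sweep against the hash and C2 indicators published for this sample."""
import hashlib
import re

# Type/Value columns of the IOC table as printed on this page. Values ending in
# "…" are truncated in the corpus entry, so they can only be prefix-matched.
IOC_TABLE = """\
HASH c315de8ac15b51163a3bc075063a58aa
HASH da799d16aed24cf4f8ec62d5048afd1a
HASH 6f715eb6815e9a44bf9a48d89c1b92f…
HASH 5fdc8906a03ffd214e09816fdc58059a
HASH c618645233b311e18e13322ffebec26…
HASH de700699e8185497a82bb121fcc4cc6…
HASH f7e04d06690cc6c2fa699c70b9f95ac…
HASH 6d870937675b98355747ecfdf4768b2…
HASH e2487b33a6510d6f51b8aa158a36c6c…
"""
C2_DOMAIN = "happy-new-year.esy.es"  # backdoor C2 named in the source analysis

# Complete MD5 / SHA-1 / SHA-256 digests are 32, 40 or 64 hex characters.
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")


def parse_ioc_table(text):
    """Split HASH rows into complete digests and truncated prefixes."""
    full, prefixes = set(), set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].upper() != "HASH":
            continue
        value = fields[1].lower()
        if value.endswith(("…", "...")):
            prefixes.add(value.rstrip(".…"))
        elif HEX_DIGEST.match(value):
            full.add(value)
    return full, prefixes


def digests(data):
    """All three common digests, since the entry does not name the algorithm."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data, full, prefixes):
    """Return [(kind, algo, ioc)]; 'prefix' hits need confirmation against the
    full hash from the original report before they are treated as positives."""
    hits = []
    for algo, digest in digests(data).items():
        if digest in full:
            hits.append(("exact", algo, digest))
            continue
        for prefix in prefixes:
            if digest.startswith(prefix):
                hits.append(("prefix", algo, prefix))
    return hits


def c2_pattern(domain):
    """Match the domain or any subdomain of it, but not look-alike names such as
    'nothappy-new-year.esy.es' or 'happy-new-year.esy.es.example'."""
    return re.compile(
        r"(?<![\w-])((?:[\w-]+\.)*" + re.escape(domain) + r")(?![\w.-])",
        re.IGNORECASE,
    )


def find_c2_queries(log_lines, domain=C2_DOMAIN):
    """Return (line_number, queried_name) for every log line naming the C2."""
    pattern = c2_pattern(domain)
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = pattern.search(line)
        if match:
            hits.append((number, match.group(1).lower()))
    return hits


# Constructed resolver log lines (timestamp, client, qtype, qname); not from the source.
SAMPLE_DNS_LOG = [
    "2020-01-24T09:12:03Z 10.0.0.15 A happy-new-year.esy.es",
    "2020-01-24T09:12:05Z 10.0.0.15 A www.example.org",
    "2020-01-24T09:13:10Z 10.0.0.22 A www.happy-new-year.esy.es",
    "2020-01-24T09:14:00Z 10.0.0.22 A nothappy-new-year.esy.es",
    "2020-01-24T09:15:41Z 10.0.0.31 A happy-new-year.esy.es.example",
]

if __name__ == "__main__":
    full, prefixes = parse_ioc_table(IOC_TABLE)
    print(f"{len(full)} complete hashes, {len(prefixes)} truncated prefixes")
    print("sample bytes:", match_hashes(b"constructed sample bytes", full, prefixes))
    for number, name in find_c2_queries(SAMPLE_DNS_LOG):
        print(f"C2 query on log line {number}: {name}")
```

Prefix hits are deliberately reported separately: a 31-character prefix is long enough that a collision is improbable, but an analyst should still confirm against the full hash in the original post before acting on it, and should pull the complete values into a blocklist rather than the truncated ones shown here.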
