General

  • Target: commerce ,12.20.doc
  • Size: 73KB
  • Sample: 201207-fvk1ql7t16
  • MD5: ff964fd38ca1b1c28d543574f2fbbf74
  • SHA1: 4eff0c20e4740e3e4eb53c5489d01a079c1ef3ee
  • SHA256: 0cc40f89721a9d22358c612aa94164b3ce259da696798c2d6fde6ad7c82d396e
  • SHA512: 23a034d28dcd837d61253cdd79c0d62c91923f03831d330e2a2cc92305e29d571b10ecd8086885b4b478044386847d92f71ce536996980675fca7f0ba5051ea2

Score
10/10

Malware Config

Targets

    • Target: commerce ,12.20.doc (73KB; MD5, SHA1, SHA256 and SHA512 as listed under General)

    Score
    10/10
    • IcedID, BokBot

      IcedID (also tracked as BokBot) is a banking trojan that steals credentials; here the .doc is the delivery stage that fetches it.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro: a document viewer has no legitimate reason to launch a new executable.

    • Blocklisted process makes network request

      A process the sandbox does not expect to talk to the network (the document host) opened a connection.

    • Downloads MZ/PE file

      Data fetched over the network begins with the MZ header, i.e. a Windows executable or DLL.

    • Loads dropped DLL

      A DLL written to disk during the run was subsequently loaded into a process.
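The four behavioural signatures above are easy to reproduce from endpoint telemetry. The script below is an added example, not code from the original report or the sandbox vendor: it replays the same checks over constructed process, network, file and image-load events. The event shapes loosely follow Sysmon (EventID 1 process create, 3 network connect, 7 image load, 11 file create), but every event is constructed here, the "FirstBytes" field is an assumption (real Sysmon FileCreate events carry no file content), and WINWORD.EXE as the .doc host plus the allow/block lists are illustrative assumptions.

```python
"""Replay the report's behavioural signatures over constructed endpoint telemetry.

Added example, not part of the original report. Event layout loosely follows
Sysmon, but all events, the FirstBytes field, the Office host name and the
allow/block lists below are assumptions made for the demonstration.
"""

# Office hosts: any child they spawn outside the allowlist is suspicious, and
# the same set serves as the blocklist for the network-request rule (assumption).
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Children an Office host may legitimately spawn (illustrative, not exhaustive).
ALLOWED_CHILDREN = {"splwow64.exe", "werfault.exe"}
MZ_MAGIC = b"MZ"  # DOS header that starts every PE file


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def run_signatures(events):
    """Return (signature, detail) pairs, named after the report's signatures."""
    findings = []
    dropped = set()  # lower-cased paths of files written during the run
    for ev in events:
        eid = ev["EventID"]
        image = basename(ev["Image"])
        if eid == 1:  # process create: Office host spawning a non-allowlisted child
            parent = basename(ev["ParentImage"])
            if parent in OFFICE_HOSTS and image not in ALLOWED_CHILDREN:
                findings.append(("Process spawned unexpected child process",
                                 f"{parent} -> {image}"))
        elif eid == 3:  # network connect from a blocklisted (Office) process
            if image in OFFICE_HOSTS:
                findings.append(("Blocklisted process makes network request",
                                 f"{image} -> {ev['DestinationIp']}:{ev['DestinationPort']}"))
        elif eid == 11:  # file create: remember the path, flag PE content
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if ev.get("FirstBytes", b"").startswith(MZ_MAGIC):
                findings.append(("Downloads MZ/PE file",
                                 f"{image} wrote {basename(target)}"))
        elif eid == 7:  # image load of a file dropped earlier in the same run
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped:
                findings.append(("Loads dropped DLL",
                                 f"{image} loaded {basename(loaded)}"))
    return findings


WINWORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\update.dll"

# Constructed telemetry for one sandbox run; 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": WINWORD, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\rundll32.exe", "ParentImage": WINWORD},
    {"EventID": 3, "Image": WINWORD, "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 11, "Image": WINWORD, "TargetFilename": DROPPED_DLL,
     "FirstBytes": b"MZ\x90\x00"},
    {"EventID": 7, "Image": r"C:\Windows\System32\rundll32.exe", "ImageLoaded": DROPPED_DLL},
    {"EventID": 1, "Image": r"C:\Windows\splwow64.exe", "ParentImage": WINWORD},  # allowed
]

if __name__ == "__main__":
    for signature, detail in run_signatures(SAMPLE_EVENTS):
        print(f"{signature}: {detail}")
```

Run stand-alone, the script reports the same four signatures the sandbox raised; the explorer.exe launch of WINWORD and the splwow64.exe child produce nothing, which is the point of keeping a small allowlist rather than alerting on every child of an Office host.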

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                      Count  ID
  Defense Evasion  Modify Registry                1      T1112
  Discovery        System Information Discovery   3      T1082
  Discovery        Query Registry                 2      T1012

Tasks