General

  • Target

    question 12.20.doc

  • Size

    92KB

  • Sample

    201211-b87dexehm2

  • MD5

    5de2884bc432d24412d912a7b15e6716

  • SHA1

    b72c0f8fa24ecd39e04a76a2217df45387129fa1

  • SHA256

    d5a0663b7eb637755655fc8fd3890979919463465ed0fa441661db95bf0d3a33

  • SHA512

    9232b4834dfdec55eddaffcdf749e109ceaefa32fecc807e83c8048d011df9473a086e01d6b409726523dde23d0d3ea3cba251d29cdc269203e46b9f9cdd1374

Score
10/10

Malware Config

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion

    Modify Registry (T1112): 2

    Install Root Certificate (T1130): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2

Tasks