General

  • Target

    official paper 12.20.doc

  • Size

    59KB

  • Sample

    201217-lnbg757twx

  • MD5

    3f800c4e7499313d94e7b5b340e74bde

  • SHA1

    531904218d798930796fb6019811be5a1765fd11

  • SHA256

    bc33970f8fd9d889e5e9139a27eb1b7e896d303b2486b4f8a81b22db03c7aad3

  • SHA512

    5c91ae537fd5a135773a0b41e942f06a1f2eaf43c089ab1c2679133bfc64969c9efb29f892acc24d2366501184d7ca29664f0a8c0772eaca82f7b22bc92dc888

Score
10/10

Malware Config

Targets

    • IcedID, BokBot

      IcedID is a banking trojan capable of stealing credentials.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Defense Evasion

  • Modify Registry (T1112): 2

  • Install Root Certificate (T1130): 1

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks