Overview

overview

10

Static

static

8

BoFA Remit...21.doc

windows7_x64

10

BoFA Remit...21.doc

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BoFA Remittance Advice-21721.doc

  • Size

    124KB

  • Sample

    210723-sef6xlkjtj

  • MD5

    d9351f959e1b09a54714ce11437581bb

  • SHA1

    3e82c790db6682d29426dfb7ce666ff3a05cbcd8

  • SHA256

    0f5f34545ede22937a9966d113b2ad9d533d0d499da986bfb49da61671c3e066

  • SHA512

    6b480e21e29915bf8ae435d6470ecdfb3cf0e3b627ec9356a1de0458eecafe733d91ce34fe08d7569bcd77eaeefe7270f6263742cdbcce96bd131395ffededf7

Score
10/10
macromacro_on_actionpersistencexlm

Malware Config

Targets

    • Target

      BoFA Remittance Advice-21721.doc

    • Size

      124KB

    • MD5

      d9351f959e1b09a54714ce11437581bb

    • SHA1

      3e82c790db6682d29426dfb7ce666ff3a05cbcd8

    • SHA256

      0f5f34545ede22937a9966d113b2ad9d533d0d499da986bfb49da61671c3e066

    • SHA512

      6b480e21e29915bf8ae435d6470ecdfb3cf0e3b627ec9356a1de0458eecafe733d91ce34fe08d7569bcd77eaeefe7270f6263742cdbcce96bd131395ffededf7

    Score
    10/10
    persistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks