Tuesday, December 23, 2014

Merry Christmas From Malware Tracker or "Christmas Card For You.doc"

Merry Christmas and happy holidays from all of us.

And your obligatory MS12-060 malware Christmas Card:

Christmas Card For You.doc
MD5 0dbe90b1dca29e2daf28ff789b3d43d3
SHA-1 71999500915dff038dc2d39facecbfbb5a907f96
SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper imphash: 18ddf28a71089acdbab5038f58044c0a
C2 IP:
Possibly related domains: boshman09.com (resolves to same IP

rule malware_kis
date = "December 22, 2014"
desc = "Christmas Card for you malware"
ref = "https://www.malwaretracker.com/docsearch.php?hash=0dbe90b1dca29e2daf28ff789b3d43d3"
MD5 = "0dbe90b1dca29e2daf28ff789b3d43d3"
author = "@mwtracker www.malwaretracker.com"
$s1 = "\\kis(by XC)\\MYDLL\\Release\\MYDLL.pdb"

all of them

You can view our automated Cryptam report on this sample as well as the extracted dropper's strings in Cryptam.

No comments:

Post a Comment