Merry Christmas From Malware Tracker or "Christmas Card For You.doc"

Merry Christmas and happy holidays from all of us.

And your obligatory MS12-060 malware Christmas Card:

Christmas Card For You.doc
MD5 0dbe90b1dca29e2daf28ff789b3d43d3
SHA-1 71999500915dff038dc2d39facecbfbb5a907f96
SHA-256 093e394933c4545ba7019f511961b9a5ab91156cf791f45de074acad03d1a44a
Dropper imphash: 18ddf28a71089acdbab5038f58044c0a
C2 IP: 210.209.127.8:443
Possibly related domains: boshman09.com (resolves to same IP 210.209.127.8)

rule malware_kis
{
    meta:
        date = "December 22, 2014"
        desc = "Christmas Card for you malware"
        ref = "https://www.malwaretracker.com/docsearch.php?hash=0dbe90b1dca29e2daf28ff789b3d43d3"
        MD5 = "0dbe90b1dca29e2daf28ff789b3d43d3"
        author = "@mwtracker www.malwaretracker.com"
    strings:
        $s1 = "kis(by XC)MYDLLReleaseMYDLL.pdb"

    condition:
        all of them
}

You can view our automated Cryptam report on this sample as well as the extracted dropper’s strings in Cryptam.
