Quick Post: Analysis of a BokBot (IcedID) Maldoc

From malware.news

BokBot is a modular banking trojan with robust capabilities for credential theft, wire fraud, and more. In this blog, we will take a quick look at a recent BokBot maldoc to gain some insight into the operator’s TTPs and, hopefully, learn a few things about Microsoft’s VBA, which appears to be an endless rabbit hole of interesting functionality. I hope this information will help other researchers and responders in their efforts to combat this threat.

