Trojan- JS downloader

I have downloaded JS trojan downloader from VirusSign to analyze behavior of this malware. It was a zip file INC_0987155124US_Apr_19_2019.zip and after extracting it, I got .js file. On opening JS file in notepad, i saw base64 obfuscated string. After obfuscation JS script, I found, this file has multiple sources/ URL’s to download SHA256- d6798b62cef08c4f61a30dfa346faf5aa29f9d03e4599ebe5ae910a193087b86… Read More Trojan- JS downloader

April 22, 2019July 9, 2020 AnuragLeave a comment

Word Macro backdoor Trojan

I came across this sample from one of Twitter post and immediately I downloaded this sample from virusbay.io for analysis. First I used oleTools to analyse word macro. Macro will execute on opening file. It creates text file. It executes PowerShell command. it has base64 used to obfuscate the string. And it creates two bat… Read More Word Macro backdoor Trojan

April 16, 2019July 9, 2020 AnuragLeave a comment

Trojan malware – Microsoft Shortcut (LNK)

I downloaded this sample for malware analysis and change the extension to .LNK which is Microsoft Shortcut. Right clicked on file and navigated to shortcut and found that there is target is PowerShell embedded Below is PowerShell script which will drop another PowerShell script from the URL. URL is http[:]// timebounder[.]ru and downloading PowerShell script… Read More Trojan malware – Microsoft Shortcut (LNK)

April 14, 2019July 9, 2020 AnuragLeave a comment