Word Macro Malware Analysis


Hash: 98fe0b166f550446cbf9e0f368eb8bea79d2eec29fa033cee1ff8f8e38a12836 Sample Download Source: beta.virusbay.io File Type: Microsoft Word Document File Format: .doc VirusTotal Scrore: 32/62 Document Preview: File Property: cmd> olemeta.py <filename> Document Macro Analysis: cmd> olevba.py -a <filename> Document_Open macro executes on opening document. The first thing I was trying to access Macro. By default it was disabled, to enable it go… Read More Word Macro Malware Analysis

Excel 4.0 macro Trojan Downloader – Malware Analysis


Hash: 89e62ec08b0b6065134c67937bae76ccd70163770fd6992574e41b9c82c3cf1c Sample Download Link: beta.VirusBay.io Application Name: Microsoft Excel File Type: xls VirusTotal Score: 29/60 I came across this sample on VirusBay.io. I downloaded this malicious excel file on my VM for malware analysis. OLEVBA.py First thing I did analysis of VBA macro source code in excel file using OLETools. Command > OLEVBA.py -a The… Read More Excel 4.0 macro Trojan Downloader – Malware Analysis

PDF malware analysis


Hash: d26a7e67cda125f11270af0a820f6644cf920ed70fd5b166e82757dabb6d1ee0 Download sample link: Here File type: PDF VirusTotal score: 27/54 PDF Document Preview PDFiD I have used PDFiD tool to analyse the header of pdf file. Observed file contains 24 URL’s. Next step is to extract URL’s from the document. I will use two tools here to perform this, pdf-parser and PDFStreamDumper. pdf-parser… Read More PDF malware analysis

Trojan Agent Tesla – Malware Analysis


Hash – 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25 Family : Agent Tesla Downloaded Sample Link: Click here Signature: Microsoft Visual C# v7.0/ Basic.NET Filename: UIhLdVHHlUAKoEOpjVAsXFlIQrgS.exe VirusTotal score: Malware behavior: Steal browser information (URL, Usernames, Passwords) Steal passwords for email clients. Steal FTP Clients Steal download manager passwords. Collect OS and hardware information. Browser Information: When I debug the malware executable,… Read More Trojan Agent Tesla – Malware Analysis

Password stealer Trojan – Malware Analysis


Hi Visitor, I got this sample of malware shared on VirusBay. Sample below: SHA256: 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad Signature: Microsoft Visual C# v7.0/ Basic .Net and its a Windows forms application. Upon execution, this file drops below two files at location C:\Users\<UserProfile>\AppData\Local\Temp\ Dropped files: C:\Users\<UserProfile>\AppData\Local\Temp\FB_2C02.tmp.exe C:\Users\<UserProfile>\AppData\Local\Temp\cc3a68ce1dad95ce662e1c51568e3a.exe (Application Server) Upon execution of this file, it take a screenshot of… Read More Password stealer Trojan – Malware Analysis