I have downloaded JS trojan downloader from VirusSign to analyze behavior of this malware. It was a zip file INC_0987155124US_Apr_19_2019.zip and after extracting it, I got .js file. On opening JS file in notepad, i saw base64 obfuscated string. After obfuscation JS script, I found, this file has multiple sources/ […]
Hi, I’m Anurag, working as Application infrastructure implementation consultant in Singapore. My work involves, but not limited to Windows Servers, Active Directory, DNS, DHCP, Networking, Virtualization, SQL Server, SharePoint, Dynamics CRM.
Actively looking for opportunity as Malware Analyst.
My drive towards professionally transitioning to Malware Analyst/Researcher urged me to work on malware samples and write up blogs on them.
I came across this sample from one of Twitter post and immediately I downloaded this sample from virusbay.io for analysis. First I used oleTools to analyse word macro. Macro will execute on opening file. It creates text file. It executes PowerShell command. it has base64 used to obfuscate the string. […]
I downloaded this sample for malware analysis and change the extension to .LNK which is Microsoft Shortcut. Right clicked on file and navigated to shortcut and found that there is target is PowerShell embedded Below is PowerShell script which will drop another PowerShell script from the URL. URL is http[:]// […]
I have downloaded this Microsoft shortcut malicious sample from Virustotal for analysis After downloading, I renamed as sample.lnk. (Microsoft shortcut extension .LNK) When I opened properties tab of this file, found below properties which clearly shows its now shortcut of any application but a PowerShell script which executed on opening. […]
VirusTotal sample – c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c File Type: Microsoft Word Document Document Property: I have used Oletools to analyse word document properties and analyse content. This word document has VBA macros. After parsing word document using olevba, this tells, file has suspicious hex string and Base64 strings. And file has below macros, […]