MD5: bcdadfdc16bcf022384c4631849e1396 File Type: Microsoft Excel File Extension: .xlsm File Name: BillINV-01364_CLIENT_Schedule.xlsm File Preview: I am analyzing excel file using OleTools to detect suspicious code and IOCs. > oleid <FileName> Oleid will help to know whether file has any embedded OLE/Flash objects,VBA macros Its clear from the above output of oelid, it has suspicious VBA… Read More MS Excel Malware Analysis
MD5: CA15F9F45971EA442943084547761994 File: Microsoft word document Word Document Screenshot: File Properties: I used OLEVBA.py to extract the VBA code but it was giving error. I used oledump.py tools to analyze the file. Using oledum.py. I ran the below command to get the complete document streams. >>oledump.py <filename> You can see M at Number 18 and… Read More Word Document Malware Analysis
Crimson is a Remote Access Trojan — a malware that is used to take remote control of infected systems and steal data. This particular RAT is known to be used by a Pakistani founded cybergang that targets Indian military objects to steal sensitive information. MD5: f940e886a40783deb4e97fe6d842da7a File Type: MS Excel Spreadsheet VT Score: 35/62 I… Read More Crimson RAT Malware Analysis
HASH MD5: 4A88E83B325AA23DA1E4BFA90B4F7C34 File type: Office Open XML Document VT Score: 45/62 While I was going through Any.run report tracker, I came across this word document, I downloaded it for analysis. OleTools: I used OLETools to analyse the document macros. Olevba.py -a <file name> Indicators: Auto execute on opening document. May write a file to… Read More Word Macro Drops IcedID Trojan – Malware Analysis
HASH MD5: 88e085572a182ca102676676ec0ef802 File Type: Win32 executable Signature: Microsoft Visual C# v7.0 / Basic .NET Link to Download Sample: Any.Run Type: Remote Access Trojan njRAT is a remote access Trojan. It is one of the most widely accessible RATs. I came across this while going through Any.Run trends and thought to download sample for analysis.… Read More njRAT Malware Analysis
Malware Analysis 