Word Macro Malware Analysis

SHA256: dd81d70fa14f0e95b8cd2fe86a9a21a264cbb4bb32d80c4195fc13ee6791b994 Sample Link: Beta.VirusBay.io File Type: Microsoft Word File Extension: .doc I am going to use OLETools to analyse this word document sample. For initial document analysis I rely on this tool, if you have read my earlier blog posts on word macro analysis, you can see I have used this tool. >>oleid.py <word… Read More Word Macro Malware Analysis

June 12, 2020July 9, 2020 AnuragLeave a comment

Word Macro Malware Analysis

Hash: 98fe0b166f550446cbf9e0f368eb8bea79d2eec29fa033cee1ff8f8e38a12836 Sample Download Source: beta.virusbay.io File Type: Microsoft Word Document File Format: .doc VirusTotal Scrore: 32/62 Document Preview: File Property: cmd> olemeta.py <filename> Document Macro Analysis: cmd> olevba.py -a <filename> Document_Open macro executes on opening document. The first thing I was trying to access Macro. By default it was disabled, to enable it go… Read More Word Macro Malware Analysis

May 15, 2020July 9, 2020 Anurag4 Comments

Excel 4.0 macro Trojan Downloader – Malware Analysis

Hash: 89e62ec08b0b6065134c67937bae76ccd70163770fd6992574e41b9c82c3cf1c Sample Download Link: beta.VirusBay.io Application Name: Microsoft Excel File Type: xls VirusTotal Score: 29/60 I came across this sample on VirusBay.io. I downloaded this malicious excel file on my VM for malware analysis. OLEVBA.py First thing I did analysis of VBA macro source code in excel file using OLETools. Command > OLEVBA.py -a The… Read More Excel 4.0 macro Trojan Downloader – Malware Analysis

May 4, 2020July 9, 2020 Anurag8 Comments

PDF malware analysis

Hash: d26a7e67cda125f11270af0a820f6644cf920ed70fd5b166e82757dabb6d1ee0 Download sample link: Here File type: PDF VirusTotal score: 27/54 PDF Document Preview PDFiD I have used PDFiD tool to analyse the header of pdf file. Observed file contains 24 URL’s. Next step is to extract URL’s from the document. I will use two tools here to perform this, pdf-parser and PDFStreamDumper. pdf-parser… Read More PDF malware analysis

May 1, 2020July 9, 2020 Anurag2 Comments

Trojan Agent Tesla – Malware Analysis

Hash – 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25 Family : Agent Tesla Downloaded Sample Link: Click here Signature: Microsoft Visual C# v7.0/ Basic.NET Filename: UIhLdVHHlUAKoEOpjVAsXFlIQrgS.exe VirusTotal score: Malware behavior: Steal browser information (URL, Usernames, Passwords) Steal passwords for email clients. Steal FTP Clients Steal download manager passwords. Collect OS and hardware information. Browser Information: When I debug the malware executable,… Read More Trojan Agent Tesla – Malware Analysis

April 5, 2020July 9, 2020 Anurag3 Comments