I downloaded this sample for malware analysis and change the extension to .LNK which is Microsoft Shortcut. Right clicked on file and navigated to shortcut and found that there is target is PowerShell embedded Below is PowerShell script which will drop another PowerShell script from the URL. URL is http[:]// timebounder[.]ru and downloading PowerShell script… Read More Trojan malware – Microsoft Shortcut (LNK)
I have downloaded this Microsoft shortcut malicious sample from Virustotal for analysis After downloading, I renamed as sample.lnk. (Microsoft shortcut extension .LNK) When I opened properties tab of this file, found below properties which clearly shows its now shortcut of any application but a PowerShell script which executed on opening. Target Type: Application Target: PowerShell… Read More Microsoft Shortcut (LNK) trojan malware
VirusTotal sample – c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c File Type: Microsoft Word Document Document Property: I have used Oletools to analyse word document properties and analyse content. This word document has VBA macros. After parsing word document using olevba, this tells, file has suspicious hex string and Base64 strings. And file has below macros, LUDoB_BX.cls fkkkCAk.bas ZAAcAA.bas And macros… Read More Emotet malware analysis
VirusTotal: SHA256 – 9ff1c8e6d80ebf5626714362cbc55a53ba17038e841773d24fdc018891adb52e Tools used for analysis: Ollydbg, WireShark, PEExplorer, I started debugging using Ollydbg. The first warning I received is “Module ‘AutoRUN_’ has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!” The executable file extracts HelpMe.exe file and… Read More HelpMe.exe malware
VirusTtoal — SHA-256 — 7c3e2a38dcacc3246409151ecdf283814611a8f9d98ed0e5996fb2615adc2cc2 I pulled the request for malware sample from Malshare for analysis and renamed the file with .exe extension. Tools I used: Ollydbg, WireShark, PEExplorer, I downloaded malware sample, opened in PE explorer, and found resource information Before I start debugginh, I extracted the malware executable file using 7-zip. There were… Read More SmartConnect.exe Malware
