MD5: bcdadfdc16bcf022384c4631849e1396 File Type: Microsoft Excel File Extension: .xlsm File Name: BillINV-01364_CLIENT_Schedule.xlsm File Preview: I am analyzing excel file using OleTools to detect suspicious code and IOCs. > oleid <FileName> Oleid will help to know whether file has any embedded OLE/Flash objects,VBA macros Its clear from the above output of oelid, it has suspicious VBA… Read More MS Excel Malware Analysis
Hash – 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25 Family : Agent Tesla Downloaded Sample Link: Click here Signature: Microsoft Visual C# v7.0/ Basic.NET Filename: UIhLdVHHlUAKoEOpjVAsXFlIQrgS.exe VirusTotal score: Malware behavior: Steal browser information (URL, Usernames, Passwords) Steal passwords for email clients. Steal FTP Clients Steal download manager passwords. Collect OS and hardware information. Browser Information: When I debug the malware executable,… Read More Trojan Agent Tesla – Malware Analysis
Hi Visitor, I got this sample of malware shared on VirusBay. Sample below: SHA256: 630efa1e2dc642799b867363bb36d1953884480ac29942a1ab20243a8a9620ad Signature: Microsoft Visual C# v7.0/ Basic .Net and its a Windows forms application. Upon execution, this file drops below two files at location C:\Users\<UserProfile>\AppData\Local\Temp\ Dropped files: C:\Users\<UserProfile>\AppData\Local\Temp\FB_2C02.tmp.exe C:\Users\<UserProfile>\AppData\Local\Temp\cc3a68ce1dad95ce662e1c51568e3a.exe (Application Server) Upon execution of this file, it take a screenshot of… Read More Password stealer Trojan – Malware Analysis
SHA256: bdf243b7a296f7aecc366c799e3fb865ee3aff7c72d8d942e2b2632a347fe5c3 I downloaded this sample from Malshare. I started decoding PE hex to text file and found that the PE file has embedded another file which will be dropped on execution. Filename: help.exe SHA256: 837bef64239be017a2aac92852576efc7d84774d90f64e9d69c5cc3a2b4ecce4 It also drops Autoexec.bat.exe file and Autoexec.exe files at C:\ location. (But it didn’t drop these files instead it… Read More Trojan dropper bdf243b7a296f7aecc366c799e3fb865e 3aff7c72d8d942e2b2632a347fe5c3
I came across this sample from one of Twitter post and immediately I downloaded this sample from virusbay.io for analysis. First I used oleTools to analyse word macro. Macro will execute on opening file. It creates text file. It executes PowerShell command. it has base64 used to obfuscate the string. And it creates two bat… Read More Word Macro backdoor Trojan
Malware Analysis 