Malware Analysis – Microsoft Word (VBA Macro Downloader using PowerShell)

1) Sample Details:

MD5 – 5ab2c99e5b4673494c2b37da10442bc3
SHA-1 – 00d379f6e1d040a185f7c7d678879360a1570b47
SHA-256 – 05e1e27194872ea82491a474afd2273bdad56e2b61172453ef3e771be6965c82

$ file PT798800-TT000768-11.doc
PT798800-TT000768-11.doc: Microsoft Word 2007+

2) Right away we see the suggestion to enable macros and a “100% Virus Satisfaction Guaranteed Seal” with a check mark next to ‘No Download’ (seems legit :p).

3) There was a lot of Junk Code like […]

Malware Analysis – VBA Macro sample 128623cda77296ec4cd94eef06068de95b7128dfdb16a4e6f8d7269da218d8ed

1) Sample Details:

Hash:
MD5 – 40e2f412a8f47b43e7d2336e22bec6f4
SHA-1 – 10a4c26ba2b0ed617ba367d41feef975e2dc30b7
SHA-256 – 128623cda77296ec4cd94eef06068de95b7128dfdb16a4e6f8d7269da218d8ed

File:
$ file rents.xls
rents.xls: Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: ������������ Windows, Last Saved By: ������������ Windows, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Dec 20 13:33:43 2018, Last Saved Time/Date: […]