Cyber Security with Amit Malik – Episode 2 – Macro Code De-obfuscation using VBScript Debugger

Video:

Text:

Audience Level: Internet user, Mid level Analyst

Prerequisite: Programming Language

Introduction:

Obfuscation: https://en.wikipedia.org/wiki/Obfuscation_(software)

Infection Method:

Malicious documents are mostly delivered through email campaigns. The attacker sends a tailored email to the victim with a malicious attachment or a malicious web link. Once the victim opens the malicious document, it downloads the malware from the internet and executes it on the victim's machine.

Case Study:

  1. Hades Ransomware: https://www.proofpoint.com/us/threat-insight/post/hades-locker-ransomware-mimics-locky
  2. Password Protected Doc: https://resources.netskope.com/h/i/295024584-nitol-botnet-makes-a-resurgence-with-evasive-sandbox-analysis-technique (It's a bit lengthy; I will discuss only the analysis of the dropped VBS file.)

Analysis:

We will use the code from the previous episode to extract the macro from the documents.

https://cysinfo.com/cyber-security-amit-malik-episode-1-macro-analysis/

 
