Text:
Audience Level: Internet user, Mid-level Analyst
Prerequisite: Programming Language
Introduction:
Obfuscation: https://en.wikipedia.org/wiki/Obfuscation_(software)
Infection Method:
Malicious documents are mostly delivered through email campaigns. The attacker sends a tailored email to the victim carrying a malicious attachment or a malicious web link. Once the victim opens the malicious document, it downloads the malware from the internet and executes it on the victim's machine.
Case Study:
- Hades Ransomware: https://www.proofpoint.com/us/threat-insight/post/hades-locker-ransomware-mimics-locky
- Password Protected Doc: https://resources.netskope.com/h/i/295024584-nitol-botnet-makes-a-resurgence-with-evasive-sandbox-analysis-technique (It's a bit lengthy, I will discuss only the analysis of the dropped VBS file.)
Analysis:
We will use the code from the previous episode to extract the macros from the documents.
https://cysinfo.com/cyber-security-amit-malik-episode-1-macro-analysis/
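As an added example (not the episode's own code, nor the extraction code from episode 1), the Python helper below decodes two obfuscation patterns that turn up constantly in dropped VBS and VBA: character-by-character `Chr()` concatenation and `StrReverse()` on a literal. The sample script, the variable names and the indicator list are constructed for this illustration.

```python
import re

# Constructed sample in the style of an obfuscated VBS dropper; not from either case study.
SAMPLE_VBS = '''
Dim u, o
u = Chr(104) & Chr(116) & Chr(116) & Chr(112) & "://" & StrReverse("moc.elpmaxe") & "/payload.exe"
o = Chr(87) & Chr(83) & "cript." & Chr(83) & "hell"
'''

CHR_RE = re.compile(r'ChrW?\((\d+)\)', re.IGNORECASE)          # Chr(104), ChrW(104)
REV_RE = re.compile(r'StrReverse\("([^"]*)"\)', re.IGNORECASE)  # StrReverse("...")
LIT_RE = re.compile(r'"([^"]*)"')                               # plain string literals

# Strings an analyst typically looks for once the script is readable (assumed list).
INDICATORS = ("http", "WScript.Shell", "powershell", "cmd", ".exe")

def decode_chr(expr: str) -> str:
    """Replace every Chr(n)/ChrW(n) call with the quoted character it produces."""
    return CHR_RE.sub(lambda m: '"' + chr(int(m.group(1))) + '"', expr)

def decode_strreverse(expr: str) -> str:
    """Replace StrReverse("...") on a literal argument with the reversed literal."""
    return REV_RE.sub(lambda m: '"' + m.group(1)[::-1] + '"', expr)

def join_literals(expr: str) -> str:
    """Concatenate the literals of a '... & ...' chain into one string."""
    return ''.join(LIT_RE.findall(expr))

def deobfuscate(script: str) -> dict:
    """Return {variable: decoded string} for each assignment in the script.
    Limitation: a literal that itself contains a quote (Chr(34)) or an
    ampersand, or nested calls such as StrReverse(Chr(...)), is not handled."""
    decoded = {}
    for line in script.splitlines():
        if '=' not in line:
            continue
        var, expr = line.split('=', 1)
        decoded[var.strip()] = join_literals(decode_strreverse(decode_chr(expr)))
    return decoded

def flag_indicators(decoded: dict) -> dict:
    """Map each variable to the indicator substrings found in its decoded value."""
    return {v: [i for i in INDICATORS if i.lower() in s.lower()]
            for v, s in decoded.items()}

if __name__ == "__main__":
    strings = deobfuscate(SAMPLE_VBS)
    for var, value in strings.items():
        print(f"{var} = {value!r}  indicators={flag_indicators(strings)[var]}")
```

Run it against the VBS extracted from a sample to recover the download URL and the object names before the script is ever allowed to execute; anything the regexes do not cover stays visible as leftover code in the output.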