Audience Level: Internet user, Mid level Analyst
Prerequisite: Programming Language
Malicious documents are mostly delivered through email campaigns. The attacker sends a tailored email to the victim with a malicious attachment or a malicious web link. Once the victim opens the malicious document, it downloads the malware from the internet and executes it on the victim's machine.
- Hades Ransomware: https://www.proofpoint.com/us/threat-insight/post/hades-locker-ransomware-mimics-locky
- Password Protected Doc: https://resources.netskope.com/h/i/295024584-nitol-botnet-makes-a-resurgence-with-evasive-sandbox-analysis-technique (It's a bit lengthy; I will discuss only the analysis of the dropped VBS file.)
We will use the code from the previous episode to extract the macro from the documents.