Categoría: Analyzing Malicious Documents

Cyberdefenders – XLM Macros writeup

rokitoh Deja un comentario

Recently, we have seen a resurgence of Excel-based malicous office documents. Howerver, instead of using VBA-style macros, they are using older style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you’ll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.

Samples:

  • Sample1: MD5: fb5ed444ddc37d748639f624397cff2a
  • Sample2: MD5: b5d469a07709b5ca6fee934b1e5e8e38

Helpful Tools:

  • REMnux VM
  • XLMDeobfuscator
  • OLEDUMP with PLUGIN_BIFF
  • Office IDE
Leer más

Cyberdefenders – MalDoc101 writeup

rokitoh Deja un comentario

It is common for threat actors to utilize living off the land (LOTL) techniques, such as the execution of PowerShell to further their attacks and transition from macro code. This challenge is intended to show how you can often times perform quick analysis to extract important IOCs. The focus of this exercise is on static techniques for analysis.

Suggested Tools:

  • REMnux Virtual Machine (remnux.org)
  • Terminal/Command prompt w/ Python installed
  • Oledump
  • Text editor

En primer lugar vamos a instalar el software necesario para realizar el reto

Descargamos OLEDUMP

mkdir /opt/oledump
cd /opt/oledump
wget http://didierstevens.com/files/software/oledump_V0_0_60.zip
unzip oledump_V0_0_60.zip

Instalamos oletools

pip install -U oletools
Leer más