Analyzing Malicious Microsoft Office Word Document | HackTheBox Emo


We covered analyzing an Office document that has embedded macro code written in Visual Basic. The document was claimed to cause a ransomware infection, so we performed a static analysis: extracting relevant strings, calculating the MD5 hash, reviewing metadata, and revealing the hidden macro routine using tools such as olevba. We then submitted the hash to online analysis engines such as VirusTotal, and the document was found to be malicious in that it executes a PowerShell command that contacts a C2 server to download further payloads. We also found instances of XOR encryption along with the XOR key, which was then used to decrypt characters that had previously been encoded in decimal form. This was part of the HackTheBox Emo challenge.
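The last decoding step described above, as an added example that is not code from the writeup or the challenge: it pulls runs of decimal-encoded bytes out of deobfuscated script text and XORs them with a known key. The key, the sample script and all function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from the challenge document: a script fragment
# whose decimal array is a placeholder string XOR-ed with a constructed key.
SAMPLE_KEY = bytes([0x5A])
SAMPLE_PLAIN = "constructed_sample_text"
SAMPLE_SCRIPT = (
    "$a = ("
    + ", ".join(str(ord(c) ^ SAMPLE_KEY[0]) for c in SAMPLE_PLAIN)
    + "); $b = (1,2)"
)

# Four or more comma-separated 1-3 digit numbers, not glued to other digits.
DECIMAL_RUN = re.compile(r"(?<!\d)\d{1,3}(?:\s*,\s*\d{1,3}){3,}(?!\d)")


def extract_decimal_runs(text):
    """Return each run of byte-sized decimal values as a list of ints."""
    runs = []
    for match in DECIMAL_RUN.finditer(text):
        values = [int(v) for v in match.group(0).split(",")]
        if all(v <= 255 for v in values):  # skip runs that cannot be bytes
            runs.append(values)
    return runs


def xor_decode(values, key):
    """XOR each value with the key, repeating the key if it is shorter."""
    return bytes(v ^ key[i % len(key)] for i, v in enumerate(values))


def decode_script(text, key):
    """Decode every decimal run; keep only results that are printable ASCII."""
    results = []
    for values in extract_decimal_runs(text):
        data = xor_decode(values, key)
        if all(32 <= b < 127 for b in data):  # a wrong key rarely passes this
            results.append(data.decode("ascii"))
    return results


if __name__ == "__main__":
    for line in decode_script(SAMPLE_SCRIPT, SAMPLE_KEY):
        print(line)
```
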


Full Writeup can be found here.