Sample

Metadata

SHA256
2299ff9c7e5995333691f3e68373ebbb036aa619acd61cbea6c5210490699bb6
Difficulty
medium
Platform
Windows
Tags
apt js kopiluwak macro office turla vba
Likes
0
Views
77
Submitter
struppigel

Analysis

Goal

Create a C2 extractor using a Python script, a binary refinery pipeline or a CyberChef recipe

Description

This file consists of several layers. Unpack them all until you reach the backdoor, then extract the C2 URL.
The decryption of each layer is relatively straightforward.
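As an added illustration, not the page's solution, not the submitter's extractor and not the real sample's encoding scheme, the following Python script shows the general shape of a layered C2 extractor: it tries the recognized decoders on the current layer, recurses on whatever decodes to something plausible, and stops at the first layer that contains a URL. The sample blob, its base64 and single-byte-XOR layering, the keys 0x5a/0x37 and the host c2.example.invalid are all constructed for the demo; a real extractor swaps in the sample's actual layer transforms and tightens the URL pattern to the backdoor's format.

```python
import base64
import re

# Stop condition: the first layer containing an http(s) URL is treated as the
# backdoor. Quotes, semicolons, commas and parentheses are excluded from the
# character class so a URL embedded in script source is cut off cleanly.
URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#@!$&*+=%-]+")
B64_RE = re.compile(rb"[A-Za-z0-9+/=\r\n]+")


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def printable_ratio(data: bytes) -> float:
    """Fraction of bytes that are printable ASCII or whitespace."""
    if not data:
        return 0.0
    ok = sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13))
    return ok / len(data)


def decode_base64(data: bytes):
    """Return the decoded bytes if the whole layer is base64 text, else None."""
    s = data.strip()
    if not s or not B64_RE.fullmatch(s):
        return None
    try:
        out = base64.b64decode(s)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return out or None


def xor_candidates(data: bytes, min_ratio: float = 0.9):
    """Yield (key, plaintext) for every single-byte key whose output looks like text."""
    for key in range(1, 256):
        cand = xor_bytes(data, key)
        if printable_ratio(cand) >= min_ratio:
            yield key, cand


def peel(blob: bytes, max_depth: int = 6, _last=None, _path=()):
    """Depth-first search over decoders until a layer contains a URL.

    Returns (path, final_layer) where path lists the transforms applied,
    e.g. ('xor:0x5a', 'base64', 'xor:0x37'), or None if nothing was found.
    Wrong XOR keys that happen to yield printable text are cheap dead ends:
    they neither contain a URL nor decode as base64 on the next step.
    """
    if URL_RE.search(blob):
        return _path, blob
    if len(_path) >= max_depth:
        return None
    inner = decode_base64(blob)
    if inner is not None:
        found = peel(inner, max_depth, "base64", _path + ("base64",))
        if found:
            return found
    # XOR directly after XOR is just another XOR, so skip that branch.
    if _last != "xor":
        for key, cand in xor_candidates(blob):
            found = peel(cand, max_depth, "xor", _path + (f"xor:{key:#04x}",))
            if found:
                return found
    return None


def extract_c2(blob: bytes):
    """Return (url, path) for the first URL found in any layer, or None."""
    found = peel(blob)
    if not found:
        return None
    path, layer = found
    return URL_RE.search(layer).group(0).decode(), path


# --- constructed sample (not the real file's layering or keys) ---
INNER = b"var c2 = 'http://c2.example.invalid/report.php'; // backdoor stub"


def build_sample() -> bytes:
    """Wrap INNER as xor(base64(xor(INNER, 0x37)), 0x5a)."""
    layer1 = xor_bytes(INNER, 0x37)
    layer2 = base64.b64encode(layer1)
    return xor_bytes(layer2, 0x5A)


if __name__ == "__main__":
    url, path = extract_c2(build_sample())
    print(url, path)
```

Running the script prints the recovered URL together with the decoder path, which is the part to log in a real extractor: when a new variant changes one layer, the path shows exactly where the search stopped matching.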

Recommended Tools

astexplorer binary refinery oletools

Video

Solution by struppigel: C2 Extractor for Turla's Kopiluwak Using Binary Refinery