Sample

Metadata

SHA256: 6f8f1b26324ea0f3f566fbdcb4a61eb92d054ccf0300c52b3549c774056b8f02
Difficulty: medium
Platform: Windows
Tags: hta loader macro office
Likes: 1
Views: 2
Submitter: malcat

Analysis

Goal

List all the download urls for the next stage using static analysis only. Bonus point if you do not use Excel.

Description

This ole office loader stores its payload outside the usual VBA macro. The "hard" part is to retrieve and reassemble it.

Recommended Tools

malcat

Solutions

Cutting corners against a Dridex downloader (part #1) Reference by malcat

Image

Sample image

Comments

Please login to view and post comments.