Macro analysis on an Emotet dropper (office document) from 01/17/2020
This video focuses on analyzing the macro code from a recent Emotet dropper (i.e. office document). I'll use oledump to analyze the code and perform quick, yet detailed, analysis of how they operate. By the end of this video you will understand how to identify the macro code, perform analysis and extract additional indicators of compromise (IOCs).
Sample MD5: 29b48523e390bf2393796049d7042461
You can find the sample at the following GitHub: https://github.com/jstrosch/malware-samples/blob/master/maldocs/emotet/2020/January/29b48523e390bf2393796049d7042461
And the associated PCAP: https://github.com/jstrosch/malware-samples/blob/master/maldocs/emotet/2020/January/29b48523e390bf2393796049d7042461.pcap
Video: Macro analysis on an Emotet dropper (office document) from 01/17/2020, from the channel Josh Stroschein