Last Updated: 2016-12-24 15:55:30 UTC
by Didier Stevens (Version: 1)
The trick used here is to start a ping command (from VBA macros) that will take several minutes to execute: cmd.exe /C ping 18.104.22.168 -n 250 > nul
This command does 250 pings to Google DNS 22.214.171.124. It will take around 4 minutes and 10 seconds to execute. And after that, the VBA code downloads and executes malware.