
SANS ISC: Maldoc Analysis with ViperMonkey - Internet Security | DShield SANS ISC InfoSec Forums


Maldoc Analysis with ViperMonkey

We received another Emotet maldoc, but this time the analysis with VBA emulator ViperMonkey will have to be done differently.

ViperMonkey is still under development, and for this maldoc it does not manage to emulate the code that reveals the base64 payload. But when we use ViperMonkey's -a option to switch to its alternate parser, we can extract the base64 payload.
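As an added example (not code from the diary or from the ViperMonkey project): once the emulator's text output has been saved, this Python helper locates base64 tokens in it and decodes them, which is the manual step that follows the emulation. The minimum token length, the shape of the sample output and the UTF-16LE assumption for payloads containing NUL bytes are mine, and the sample payload is constructed.

```python
import base64
import binascii
import re
from typing import List, Optional

# Base64 tokens: 40+ chars of the base64 alphabet plus optional padding.
# The minimum length is an assumption chosen to skip short identifiers
# that happen to be valid base64.
B64_RE = re.compile(r"(?<![A-Za-z0-9+/=])([A-Za-z0-9+/]{40,}={0,2})(?![A-Za-z0-9+/=])")


def decode_candidate(token: str) -> Optional[str]:
    """Strictly decode one base64 token; return text, or None if it is not base64."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (ValueError, binascii.Error):
        return None
    # Assumption: decoded bytes containing NULs are UTF-16LE text; anything
    # else is returned as Latin-1 so no byte value is lost.
    if b"\x00" in raw:
        try:
            return raw.decode("utf-16-le")
        except UnicodeDecodeError:
            return None
    return raw.decode("latin-1")


def extract_payloads(emulator_output: str) -> List[str]:
    """Return every decodable base64 payload found in the emulator's text output."""
    results = []
    for match in B64_RE.finditer(emulator_output):
        decoded = decode_candidate(match.group(1))
        if decoded is not None:
            results.append(decoded)
    return results


# Constructed sample: the layout loosely follows a VBA emulator's action log;
# the base64 is built here from a harmless string and is not a real payload.
CONSTRUCTED_PAYLOAD = "constructed sample payload: write-output hello"
SAMPLE_OUTPUT = (
    "INFO Emulating...\n"
    "ACTION: Found Entry Point - Document_Open\n"
    "ACTION: Shell - cmd /c start /b x "
    + base64.b64encode(CONSTRUCTED_PAYLOAD.encode("utf-16-le")).decode()
    + "\nINFO Done\n"
)

if __name__ == "__main__":
    for payload in extract_payloads(SAMPLE_OUTPUT):
        print("decoded payload:", payload)
```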

The maldoc was delivered inside a password protected ZIP file.

This time, I made a video of the static analysis process:


Didier Stevens
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
