Articles

Excel 4.0 macro Trojan Downloader

Hash: 89e62ec08b0b6065134c67937bae76ccd70163770fd6992574e41b9c82c3cf1c
Sample Download Link: beta.VirusBay.io
Application Name: Microsoft Excel
File Type: xls
VirusTotal Score: 29/60

I came across this sample on VirusBay.io. I downloaded this malicious Excel file on my VM for malware analysis.

OLEVBA.py

First, I analysed the VBA macro source code in the Excel file using OLETools.

Command > OLEVBA.py -a

The result shows that the macro will auto-execute on opening the file; it may run an executable file, possibly using a shell command, and will download a file from a remote server. The executable file name is FBpKzqF.exe.

Document Property: an XLM macro has been used in this file, and it is hidden.

Steps To Make Macros Sheet Visible

Step 1: I enabled it by right-clicking on the spreadsheet tab open in Excel and selecting Unhide… A popup then shows the name of the spreadsheet to unhide. Here the name of the sheet is SODXOFScMLy.

Step 2: Along with this, I need to unblock the Excel ...

TROJAN AGENT TESLA – MALWARE ANALYSIS

Hash: 077f75ef7fdb1663e70c33e20d8d7c4383fa13fd95517fab8023fce526bf3a25
Family: Agent Tesla
Signature: Microsoft Visual C# v7.0 / Basic.NET
Filename: UIhLdVHHlUAKoEOpjVAsXFlIQrgS.exe
VirusTotal score:

Malware behavior:
Steal browser information (URLs, usernames, passwords)
Steal passwords for email clients
Steal FTP clients
Steal download manager passwords
Collect OS and hardware information

Browser Information: When I debugged the malware executable, it initially created a SQLite database to store the information collected from the victim's machine. Below are the tables that get created.

Tables created: meta, logins, sqlite_sequence, stats, compromised_credentials

I found that it collected browser data (Google Chrome), including accessed URLs and the related usernames and passwords. The database table logins stores all browser-related information. Below are the table columns.

Apart from this, the malware also looks for all different types of ...