So, Emotet’s back after a hiatus of around 5 months and, as per claims around the internet, delivered around 80k spam emails in 24 hours on its return. So, let’s see what the maldoc being delivered this time looks like. We downloaded this particular sample from hxxp://www[.]ahbro[.]com/wp-content/browse/omxl046951300lyxdvye9ksa2j. Let’s begin then. First of all, let’s see how the …
Ever received an incident where a user’s machine got infected by a malicious attachment received by email, and as an Incident Responder you suspect it contains a malicious macro that takes advantage of Windows’ own legitimate tools like CMD and PowerShell, but you are not sure how to quickly extract and analyze macros …
Hi readers! This is probably going to be my first technical post regarding the deep analysis of a malware sample. If you have followed my blog, you will be aware that most of my posts focus on building concepts related to malware analysis. However, I decided to take a break from that for a …
Before we proceed to the PE file format, which describes the internal structure of all Windows executable files, one should also know the concepts of Virtual Address (VA), Relative Virtual Address (RVA) and file offsets, as these are the foundation for understanding the technical parts of the PE file format. …
Earlier, I wrote a post on “Understanding PE Structure – The Layman’s Way” and this one is a continuation of that post. I highly recommend that readers go through that post, where I went into detail on the PE file format, before jumping into this article. Since the earlier post was already too long …