Tag Archives: Office Documents

Excel 4 macro code obfuscation

This sample comes from a Twitter thread located Here by Frost @fr0s7_ and appears to be  “BazarLoader” Since this is a Xlsb file I usually just open it up in my Office 2010 Pro sandbox and then convert to Xlsm … Continue reading

Posted in Uncategorized | Tagged , , | 1 Comment

A deeper look at Office documents flat style

Over the last few years I have seen some samples that use the xml style of Word Documents with base64 encoded ActiveMime data. What started this was a recent Twitter post by HunterMaor @bit_dam Here where he was not able … Continue reading

Posted in Malware, security, VBScript | Tagged , , | 1 Comment

A deeper look inside one of the new Emotet Malware Docs

The sample here comes from a quick search supplied by ANY.RUN @anyrun_app  of #emotet-doc to filter quickly on documents you want to look at. Twitter reference Here and the link to the file we are going to use Here. One … Continue reading

Posted in Malware | Tagged , , , | Comments Off on A deeper look inside one of the new Emotet Malware Docs