reverse engineering: Potential Anti-analysis with XLM NOW() Function - IcedID Delivery (2 Apr 2021, updated 3 Apr 2021). TL;DR - XLM sample for IcedID delivery is using the NOW() macro function and non-volatility to possibly make the analysis difficult. While looking for the latest trends on MalwareBazaar yesterday,…
macros: Macros: Locky Osiris (28 Jan 2017, updated 9 Feb 2017). In this post we will go through the macro code for the Excel file that was used to bait users into downloading and dropping the malware payload. The macros (ThisWB, Module1) that we…
ransomware: Static Analysis: Locky Osiris (22 Jan 2017, updated 9 Feb 2017). This post is a continuation of the previous blog post about the recent Locky variant. Now let's use OfficeMalScanner to confirm the existence of bin files. As we can see, there is…