Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Zloader Maldoc Analysis With xlm-deobfuscator SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Zloader Maldoc Analysis With xlm-deobfuscator

Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).

It's typical of the samples we have seen these last weeks, with heavy formula obfuscation:

These maldocs can now easily be analysed with xlm-deobfuscator:

I also created a short video:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

469 Posts
ISC Handler
May 25th 2020

Sign Up for Free or Log In to start participating in the conversation!