An interesting sample containing a number of different obfuscation techniques. In this article we analyze the dropper in detail and reach the final stage.
The first file we encounter is a OneNote document. If the “OneNote Format” package is installed, all embedded files are automatically extracted.
Continue reading “RedLine Stealer Dropper”
To help with the analysis of malware that uses Windows batch scripts, we have just released a package on Cerbero Store called “Simple Batch Emulator”. The name of the package is self-explanatory: it provides a basic emulator for batch scripts. The package is available to all commercial licenses of Cerbero Suite Advanced.
The following is a malicious OneNote document. All embedded files are automatically extracted thanks to the “OneNote Format” package.
Two of the embedded files are batch scripts. We can execute the action to emulate the obfuscated batch code.
Continue reading “Simple Batch Emulator Package”