We recently stumbled upon this tweet by @Cryptolaemus1 about a malicious OneNote document with an embedded ISO file. Since we had just released our ISO Format package, we thought it would be interesting to analyze this malware sample with Cerbero Suite.
The unidentified embedded object in the OneNote document is an ISO file.
Continue reading “OneNote Malware With ISO File”
This sample combines a number of different obfuscation techniques. In this article we analyze the dropper in detail and follow it through to the final stage.
The first file we encounter is a OneNote document. If the “OneNote Format” package is installed, all embedded files are automatically extracted.
Continue reading “RedLine Stealer Dropper”
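Both posts above start from the same step: pulling embedded files out of a OneNote document and recognising what they are (an ISO in the first case). The following is an added example, not code from these articles or from Cerbero Suite, showing how that extraction works at the byte level. OneNote stores attachments in a FileDataStoreObject (MS-ONESTORE 2.6.14): a header GUID, a 64-bit length, 12 bytes of unused/reserved fields, the raw file data, and a footer GUID. The script scans a buffer for the header GUID, carves each payload by its declared length, checks the footer, and identifies the payload by magic bytes, including the ISO 9660 / UDF volume descriptor at sector 16. The `.one` input is a constructed stand-in built by `build_sample()`, not a real malware sample; it also includes an object whose declared length runs past the end of the buffer, the kind of corruption a carver has to tolerate.

```python
import struct
from dataclasses import dataclass

# GUIDs of the FileDataStoreObject structure (MS-ONESTORE 2.6.14), in the
# little-endian byte order in which they appear on disk.
FDSO_HEADER = bytes.fromhex("e716e3bd65261145a4c48d4d0b7a9eac")  # {BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC}
FDSO_FOOTER = bytes.fromhex("22a7fb71790f0b4abb13899256426b24")  # {71FBA722-0F79-4A0B-BB13-899256426B24}
# cbLength (uint64), unused (uint32), reserved (uint64) follow the header GUID.
FDSO_FIELDS = struct.Struct("<QIQ")

ISO_SECTOR = 2048
# Identifiers at byte 1 of sector 16: ISO 9660 ("CD001") and the UDF
# volume recognition sequence ("BEA01", "NSR02", "NSR03", "TEA01").
OPTICAL_IDS = {b"CD001", b"BEA01", b"NSR02", b"NSR03", b"TEA01"}


@dataclass
class EmbeddedFile:
    offset: int       # offset of the header GUID in the .one buffer
    length: int       # cbLength as declared by the object
    data: bytes       # carved FileData (shorter than length if truncated)
    kind: str         # type guessed from magic bytes
    truncated: bool   # declared length ran past the end of the buffer
    footer_ok: bool   # footer GUID found immediately after FileData


def identify(data: bytes) -> str:
    """Classify a carved payload by its magic bytes."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:8] == bytes.fromhex("d0cf11e0a1b11ae1"):
        return "ole"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    # Optical images keep a 32 KiB system area; the first volume descriptor is in sector 16.
    ident = data[16 * ISO_SECTOR + 1 : 16 * ISO_SECTOR + 6]
    if ident in OPTICAL_IDS:
        return "iso"
    return "unknown"


def carve_embedded_files(one: bytes) -> list[EmbeddedFile]:
    """Find every FileDataStoreObject in the buffer and carve its payload."""
    found = []
    pos = one.find(FDSO_HEADER)
    while pos != -1:
        fields_at = pos + len(FDSO_HEADER)
        if fields_at + FDSO_FIELDS.size > len(one):
            break  # header GUID at the very end of the buffer, no length field
        length, _unused, _reserved = FDSO_FIELDS.unpack_from(one, fields_at)
        start = fields_at + FDSO_FIELDS.size
        end = start + length
        truncated = end > len(one)
        data = one[start:min(end, len(one))]
        footer_ok = (not truncated) and one[end:end + len(FDSO_FOOTER)] == FDSO_FOOTER
        found.append(EmbeddedFile(pos, length, data, identify(data), truncated, footer_ok))
        # Resume right after this header rather than after its payload, so a bogus
        # cbLength cannot hide objects that follow it.
        pos = one.find(FDSO_HEADER, fields_at)
    return found


def wrap(payload: bytes) -> bytes:
    """Wrap a payload in a FileDataStoreObject the way OneNote stores attachments."""
    return FDSO_HEADER + FDSO_FIELDS.pack(len(payload), 0, 0) + payload + FDSO_FOOTER


def build_sample() -> bytes:
    """Constructed stand-in for a .one file (not a real sample): filler, an embedded
    ISO, an embedded PE, and a truncated object whose declared length runs past EOF."""
    iso = bytearray(17 * ISO_SECTOR)                       # system area + one PVD sector
    iso[16 * ISO_SECTOR:16 * ISO_SECTOR + 7] = b"\x01CD001\x01"
    pe = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"             # just enough to be recognised
    return (b"\x00" * 64 + wrap(bytes(iso)) + b"junk" * 8 + wrap(pe)
            + FDSO_HEADER + FDSO_FIELDS.pack(10_000, 0, 0) + b"MZ" + b"\x00" * 16)


if __name__ == "__main__":
    for f in carve_embedded_files(build_sample()):
        print(f"offset=0x{f.offset:x} kind={f.kind} length={f.length} "
              f"truncated={f.truncated} footer_ok={f.footer_ok}")
```

Scanning for the GUID sidesteps parsing the revision store entirely, which is exactly why it is robust against damaged or deliberately malformed documents; the trade-off is that attachment names and the note they belong to live elsewhere in the file, so a scan gives you payload bytes, not metadata. A footer mismatch or a truncated object is worth reporting rather than silently dropping, since either one is a sign the file was tampered with or built by a tool other than OneNote.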