all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OneNote Malware Trends - Analyzing Emotet Abuse

Add to bookmarks
March 22, 2023, 5 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

The OneNote abuse continues! In this video, we'll look at the recent wave of OneNote malware trends being utilized by Emotet - one of the most prolific malware distributors out there. We'll use Onedump by Didier Stevens to investigate the document, extract the primary script and deobfucate the code.

Sample SHA256: ce6af4e3a1ccade377d8decce80e5b11468a98948387b74f2d3dee162050c355

00:00 Introduction
00:17 Too Long, Didn't Watch (TLDW)
00:55 Starting Analysis with OneNote Structure
02:16 Dumping the VBScript
04:19 Finding the String Obfuscation
05:25 Deobfuscating Strings
05:58 Identifying …

abuse analysis code didier didier stevens document dumping emotet extract introduction malware onenote script sha256 trends vbscript video watch

Visit resource

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 1 month ago | www.youtube.com
basics episode explorer focus +10
MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 month, 1 week ago | www.youtube.com
basics build episode explorer +12
Malware Mondays?!? Learn more 1 month, 2 weeks ago | www.youtube.com
learn malware
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month, 3 weeks ago | www.youtube.com
artifact data goal learn +11
MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 2 months, 1 week ago | www.youtube.com
amadey artifacts capture data +11
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 2 months, 1 week ago | www.youtube.com
artifact data goal learn +11
Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 2 months, 1 week ago | www.youtube.com
assembly disassembly effectively ghidra +9
Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 2 months, 2 weeks ago | www.youtube.com
analysis debugging development easy +18
Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 2 months, 3 weeks ago | www.youtube.com
analysis can default dive +16

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com