OneNote Malware Trends - OneNote Leads to AgentTesla | allinfosecnews.com

March 23, 2023, 5 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

In this video, we'll continue to track Onenote malware trends by looking into a document that leads to AgentTesla. Analysis will be very similar to the previous videos - we'll use Onedump to grab the script and investigate a couple of straight-forward stages of Powershell.

SHA256: 9cf84c2868f691d955048d761e223fbac99021676c31effb3bee711f24569323

00:00 Introduction
00:28 Too Long; Didn't Watch (TLDW)
01:21 Sample Info and Getting Started
02:46 Analyzing the Next Stage Script (Embedded EXE)
03:32 Tips for Analyzing Large Base64 Blogs
04:49 Moving to CyberChef …

agenttesla analysis continue document embedded forward grab info introduction malware onenote powershell script sha256 stage tips trends video videos watch

More from www.youtube.com / Dr Josh Stroschein

🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 1 month ago | www.youtube.com

basics episode explorer focus +10

MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 1 month, 1 week ago | www.youtube.com

basics build episode explorer +12

Malware Mondays?!? Learn more 1 month, 2 weeks ago | www.youtube.com

Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month, 4 weeks ago | www.youtube.com

artifact data goal learn +11

MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 2 months, 1 week ago | www.youtube.com

amadey artifacts capture data +11

Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 2 months, 1 week ago | www.youtube.com

artifact data goal learn +11

Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 2 months, 1 week ago | www.youtube.com

assembly disassembly effectively ghidra +9

Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 2 months, 2 weeks ago | www.youtube.com

analysis debugging development easy +18

Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 2 months, 3 weeks ago | www.youtube.com

analysis can default dive +16

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com