Malware Analysis of a Emotet Word Document

April 19, 2024, 2:57 p.m. | Hüseyin EKŞİ

System Weakness - Medium systemweakness.com

In this blog post, I will show how to analyze a malicious Word document.

Resources

Sample:

MD5: 29b48523e390bf2393796049d7042461
SHA256: 26ba3fe65926140305a8fa605d09b8bd2fb8251648eac9b3165fb884a506e837
Download Link: abuse.ch
Anyrun link: any.run

Tools:

Linux commands(I am using Remnux)
oletools
CyberChef

Getting started with static analysis

Download the zip file and extract it using e.g. 7-zip with the password “infected”. Let’s also rename the document to something like “malwaredocument.docx”, which saves us from typing the SHA256 hash in the future.

Identify file type and metadata

We can …

7-zip abuse analysis blog blog post cybersecurity document docx emotet extract file link linux linux commands malicious malware malware analysis md5 password word word document zip

Visit resource

More from systemweakness.com / System Weakness - Medium

First AD home lab 2 hours ago | systemweakness.com

access active directory building can +17

3 Steps to protect yourself from Prompt Injection 2 hours ago | systemweakness.com

prompt-engineering prompt injection security

Clocky | TryHackMe Write-up 1 day ago | systemweakness.com

ctf ctf-writeup tryhackme tryhackme-walkthrough +1

Bypassing Aquatone’s lack of ability to take screenshots of private websites 1 day ago | systemweakness.com

automation cybersecurity hacking pentesting +1

Tuesday Morning Threat Report: Apr 30, 2024 1 day ago | systemweakness.com

analysis artificial intelligence bad customers +21

Staying Anonymous — Ethical Hacking as a Beginner [09] 1 day ago | systemweakness.com

anonymous beginner communication cybersecurity +22

Safeguarding the Virtual Frontier 1 day ago | systemweakness.com

awareness click collaboration critical +24

The Ultimate Guide to CISSP’s Eight Security Territories 1 day ago | systemweakness.com

bug bounty cybersecurity information security information technology +1

Keep your API keys safe (OpenAI, Together AI, etc.) 1 day ago | systemweakness.com

cybersecurity data science encryption generative-ai-tools +1

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Principal Business Value Consultant

@ Palo Alto Networks | Chicago, IL, United States

View on infosec-jobs.com

Cybersecurity Specialist, Sr. (Container Hardening)

@ Rackner | San Antonio, TX

View on infosec-jobs.com

Penetration Testing Engineer- Remote United States

@ Stanley Black & Decker | Towson MD USA - 701 E Joppa Rd Bg 700

View on infosec-jobs.com

Internal Audit- Compliance & Legal Audit-Dallas-Associate

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com

Threat Responder

@ Deepwatch | Remote

View on infosec-jobs.com

View more jobs

all InfoSec news

Malware Analysis of a Emotet Word Document

In this blog post, I will show how to analyze a malicious Word document.

Resources

Getting started with static analysis

Identify file type and metadata

More from systemweakness.com / System Weakness - Medium

Jobs in InfoSec / Cybersecurity

Social Engineer For Reverse Engineering Exploit Study

Principal Business Value Consultant

Cybersecurity Specialist, Sr. (Container Hardening)

Penetration Testing Engineer- Remote United States

Internal Audit- Compliance & Legal Audit-Dallas-Associate

Threat Responder