all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

OneNote Malware Trends - Analyzing Emotet Abuse

Add to bookmarks
March 22, 2023, 5 p.m. | Dr Josh Stroschein

Dr Josh Stroschein www.youtube.com

The OneNote abuse continues! In this video, we'll look at the recent wave of OneNote malware trends being utilized by Emotet - one of the most prolific malware distributors out there. We'll use Onedump by Didier Stevens to investigate the document, extract the primary script and deobfucate the code.

Sample SHA256: ce6af4e3a1ccade377d8decce80e5b11468a98948387b74f2d3dee162050c355

00:00 Introduction
00:17 Too Long, Didn't Watch (TLDW)
00:55 Starting Analysis with OneNote Structure
02:16 Dumping the VBScript
04:19 Finding the String Obfuscation
05:25 Deobfuscating Strings
05:58 Identifying …

abuse analysis code didier didier stevens document dumping emotet extract introduction malware onenote script sha256 trends vbscript video watch

Visit resource

More from www.youtube.com / Dr Josh Stroschein

MM#02 - Uncover Program Behavior! Build a Sample Program to Investigate w/ Process Explorer | … 3 days, 19 hours ago | www.youtube.com
basics build episode explorer +12
🔴 Malware Mondays Episode 02 - Investigating Processes with Process Explorer and System Informer 6 days, 21 hours ago | www.youtube.com
basics explorer focus information +9
Malware Mondays?!? Learn more 1 week, 2 days ago | www.youtube.com
learn malware
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 3 weeks ago | www.youtube.com
artifact data goal learn +11
MM#01 - How to Capture Malicious Activity with Process Monitor! Using ProcMon with Amadey Malware 1 month ago | www.youtube.com
amadey artifacts capture data +11
Malware Mondays Episode 01 - Identifying Malicious Activity in Process Monitor (ProcMon) Data 1 month ago | www.youtube.com
artifact data goal learn +11
Why Do You Need to Know Assembly to Use IDAPro or Ghidra? Exploring disassembly and … 1 month ago | www.youtube.com
assembly disassembly effectively ghidra +9
Ease Shellcode Analysis with SCLauncher! Learn how-to wrap shellcode into a PE file 1 month, 1 week ago | www.youtube.com
analysis debugging development easy +18
Customizing FakeNet-NG for Malicious Document Analysis! How to modify the web root 1 month, 2 weeks ago | www.youtube.com
analysis can default dive +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Compliance Architect - Experian Health (Can be REMOTE from anywhere in the US)

@ Experian | ., ., United States
View on infosec-jobs.com

IT Security Specialist

@ Ørsted | Kuala Lumpur, MY
View on infosec-jobs.com

Senior, Cyber Security Analyst

@ Peloton | New York City
View on infosec-jobs.com

Cyber Security Engineer | Perimeter | Firewall

@ Garmin Cluj | Cluj-Napoca, Cluj County, Romania
View on infosec-jobs.com

Pentester / Ethical Hacker Web/API - Vast/Freelance

@ Resillion | Brussels, Belgium
View on infosec-jobs.com
View more jobs