VBScript

RedLine Infection Chain Step 1

🔍 Dive into the RedLine Stealer Infection Chain – Part 1

CyberChef, Infostealer, LNK, Malware Series, mshta, PowerShell, RedLine, VBScript
RedLine Stealer Infection Chain: Zip ➡️ LNK PS ➡️ mshta (URL1) ➡️ PS ➡️ cmd ➡️ PS ➡️ URL2 ➡️ exe

What’s Inside:
- LNK using \W*\\2\\msh*e to dodge detection
- VBScript analysis using CyberChef & Wscript.Echo
- Utilize CyberChef recipe to decode VBScript & PowerShell
- How to deobfuscate PowerShell with PowerShell logging…

Excel 4.0 Macro, hta, VBScript & PowerShell Analysis Ataware Ransomware – Part 0x1

Ataware, Deobfuscation, hta, Macro analysis, PowerShell, Ransomware, T1086, T1170, VBScript, xls
This will be a multi-part blog series analysing the complete infection chain from Excel to Ataware Ransomware. In this post we will discuss analysis steps for hta, VBScript & PowerShell code to extract the final payload URL. Let’s start with xls. I was browsing Twitter for an interesting sample,…