Posts

Showing posts from April, 2018

Malicious document analysis Part - 1

Image
Introduction 
A basic and quick approach to analyse phishing documents to identify indicators of maliciousness. FYI this post doesn't cover complete & in depth analysis of malicious documents

Tools 
Didier Stevens Suite sudo pip install oletools Yara - A pattern matching Swiss knife Analysis  All document samples are pulled from Hybrid Analysis - a free malware analysis service for the community that detects and analyzes unknown threats using a unique Hybrid Analysis technology. 
Hash 1: e07c84f98332b07ae40a22f15c32cbf794586e26576a7539def667881e15beae

Download above mentioned sample and check the integrity
Check the file properties using native Linux file command which gives quick idea about sample
Download Didier Stevens Suite and check for yara rules.
Run various rules against the sample document to identify any sort of maliciousness
The below rule can identify an executable file embedded in OLE objects
 Run above yara rule against the downloaded document
Observe the below mald…