In diary entry "Maldoc Strings Analysis" I show how to analyze a malicious document by extracting and decoding strings with command-line tools. In this video, I analyze the same malicious Word document using CyberChef only. This is possible because this particular maldoc contains a very long string with the payload, and this string can be extracted without parsing the structure of this .doc file. I pasted the recipe on Pastebin here.

Didier Stevens
DidierStevens, ISC Handler, Jan 10th 2021
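
The point made in the diary, that the payload sits in one very long string that can be pulled out without parsing the .doc structure, can be reproduced outside CyberChef. The following is an added example, not the recipe from the diary or the video: it scans raw bytes for printable ASCII and UTF-16LE runs and ranks them by length. The sample bytes, `MIN_LEN` and the function names are constructed for illustration.

```python
import re

MIN_LEN = 8  # assumption: ignore runs shorter than this, as strings-style tools do

# Printable ASCII run, and the same characters stored as UTF-16LE (char + NUL).
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data: bytes):
    """Return (offset, encoding, text) for every printable run in data."""
    found = []
    for m in ASCII_RUN.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16-le")))
    return found


def longest_strings(data: bytes, top: int = 3):
    """Longest runs first: an embedded payload string stands out by length alone."""
    ranked = sorted(extract_strings(data), key=lambda s: len(s[2]), reverse=True)
    return ranked[:top]


def build_sample() -> bytes:
    """Constructed stand-in for a .doc file: binary filler around one long string."""
    filler = bytes([0xD0, 0xCF, 0x11, 0xE0, 0xA1, 0xB1, 0x1A, 0xE1]) + b"\x00" * 24
    short = "Normal.dotm".encode("utf-16-le")   # typical short metadata string
    payload = ("ABCD" * 100).encode("ascii")    # placeholder, not a real payload
    return (filler + short + b"\x00\x01\x02" + payload
            + b"\xff\xfe\x00" + b"Microsoft Word" + b"\x00")


if __name__ == "__main__":
    # No OLE/CFB parsing happens here: the file is treated as a flat byte blob.
    for offset, enc, text in longest_strings(build_sample()):
        print(f"{offset:#06x} {enc:9} len={len(text):4} {text[:40]}")
```

The longest run is the candidate to carry into the decoding steps; those depend on how the specific sample encodes its payload and are not reproduced here.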