Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Maldoc Analysis With CyberChef - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Maldoc Analysis With CyberChef

In diary entry "Maldoc Strings Analysis" I show how to analyze a malicious document, by extracting and decoding strings with command-line tools.

In this video, I analyze the same malicious Word document, using CyberChef only. This is possible, because this particular maldoc contains a very long string with the payload, and this string can be extracted without parsing the structure of this .doc file.

I pasted the recipe on pastebin here.

Didier Stevens
Senior handler
Microsoft MVP


649 Posts
ISC Handler
Jan 10th 2021

Sign Up for Free or Log In to start participating in the conversation!