Analysing Obfuscated VBA - Extracting indicators from a Trickbot downloader


A rather lengthy video to showcase my analysis techniques and thought processes when analysing malicious macros. In this case I review a Trickbot downloader which hides an interesting nuance if certain folders are present on the machine.

Hopefully of use to those learning how to reverse engineer high-level code.

Sample discussed:
https://www.virustotal.com/#/file/151...

Reviewed by Anonymous on August 16, 2018 Rating: 5