MalDoc Analysis: Cheeky HTA Loader

Let’s dig into a (potentially) malicious document and see what indicators it navigates us to. Hash Name 499b2d5a07fbcfbc8a6ec124c14efde7 ordain-08.21.doc fedbbc359e03b17bd7866a31283c3ff87cc693e4 ordain-08.21.doc 331742a3835a6634e1331be491a789f7e5ddcefc6a30b7965dbf970d214b36d4 ordain-08.21.doc Download: You can acquire this sample from MalwareBazaar Initial Analysis Let’s first unzip the file with MalwareBazaar’s standard password: infected [PS: I’m going to rename the file for sanity’s sake] Once done, we can check to see what file type we’re dealing with: file Ordain....

September 2, 2021 · 5 min · Syed Hasan