Josh Stroschein | Mar 25, 2020 | 3 min read
Maldoc drops DLL and executes via ExecuteExcel4Macro
Behavioral information is a key indicator used to determine if an office document is malicious or not. I’ve recently seen a series of...

Josh Stroschein | Mar 18, 2020 | 5 min read
Maldoc uses Windows API to perform process hollowing
A favorite technique by malware authors is to use macros in their office documents to utilize a normal system executable and replace the...

Josh Stroschein | Mar 10, 2020 | 3 min read
Maldoc uses RC4 to hide PowerShell script, retrieves payload from DNS TXT record
Malware authors are constantly coming up with new and clever techniques to help avoid detection. In this maldoc, the authors employed...