C2 IP/URI: 71.78.158.190
C2 IP/URI: 208.180.217.173
C2 IP/URI: 181.31.182.138
C2 IP/URI: 201.249.117.123
C2 IP/URI: 190.219.231.69
C2 IP/URI: 104.236.135.119
C2 IP/URI: 162.243.125.212
C2 IP/URI: 217.13.106.160
C2 IP/URI: 5.230.147.179
C2 IP/URI: 64.13.225.150
C2 IP/URI: 190.16.121.202
C2 IP/URI: 173.255.196.209
C2 IP/URI: 85.104.59.244
C2 IP/URI: 187.135.43.126
C2 IP/URI: 138.201.140.110
C2 IP/URI: 67.205.149.117
C2 IP/URI: 63.77.201.245
C2 IP/URI: 203.210.237.200
C2 IP/URI: 211.63.71.72
C2 IP/URI: 167.114.210.191
C2 IP/URI: 69.198.17.7
C2 IP/URI: 103.12.132.98
C2 IP/URI: 190.161.186.116
C2 IP/URI: 187.214.110.33
C2 IP/URI: 70.57.82.196
C2 IP/URI: 187.198.57.250
C2 IP/URI: 201.220.152.101
C2 IP/URI: 174.93.130.148
C2 IP/URI: 189.154.84.161
C2 IP/URI: 173.255.250.241
C2 IP/URI: 133.242.156.30
C2 IP/URI: 179.14.2.75
C2 IP/URI: 201.138.11.223
C2 IP/URI: 186.4.234.27
C2 IP/URI: 200.126.225.56
C2 IP/URI: 50.31.0.160
C2 IP/URI: 208.78.100.202
C2 IP/URI: 87.106.210.123
C2 IP/URI: 104.247.248.129
C2 IP/URI: 94.76.200.114
C2 IP/URI: 95.128.43.213
C2 IP/URI: 87.106.139.101
C2 IP/URI: 91.92.191.134
C2 IP/URI: 62.75.187.192
C2 IP/URI: 189.190.153.12
C2 IP/URI: 147.135.210.39
C2 IP/URI: 175.100.138.82
C2 IP/URI: 187.189.195.208
C2 IP/URI: 201.110.165.146
C2 IP/URI: 24.63.218.229
C2 IP/URI: 78.186.5.109
C2 IP/URI: 45.33.49.124
C2 IP/URI: 177.242.214.30
C2 IP/URI: 83.222.124.62
C2 IP/URI: 190.141.245.221
C2 IP/URI: 178.62.37.188
C2 IP/URI: 181.39.51.243
C2 IP/URI: 45.123.3.54
This malware takes anti-analysis and stealth techniques to a new level

We took a look at this malware in Part 1 of this publication. Now let's carry on with the analysis and dig deeper into the various anti-analysis and stealth-execution features of this malware in Part 2.

Malpedia inventory: https://malpedia.caad.fkie.fraunhofer.de/details/vbs.grinju

Secondary Macro Code

First of all, here is the entire code that is dumped into the sheet once all the macro functions have completed. Take a look at these lines and try to figure out what they are meant to do. Then we'll briefly look at the most important of them before moving on to the next section.

=CLOSE(FALSE)
=FORMULA(LEN(APP.MAXIMIZE())+-459,Sheet1!R18690C129)
=FORMULA(LEN(GET.WINDOW(7))+-131,Sheet1!R18691C129)
=FORMULA(LEN(GET.WINDOW(20))+-893,Sheet1!R18692C129)
=FORMULA(LEN(GET.WINDOW(23)=3)+433,Sheet1!R18693C129)
=FORMULA(LEN(GET.WORKSPACE(31))+864,Sheet1!R18694C129)
=FORMULA(LEN(GET.WORKSPACE(13)>770)+...
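Each of the FORMULA lines above writes LEN(<environment probe>) plus a fixed constant into consecutive rows of column 129, so the numbers that land in the sheet depend on how Excel is being run. As an added example that is not part of the original post or of the malware's own code, the Python below parses those dumped lines, lists the environment probes they contain, and evaluates each one under two constructed environment profiles (an interactive desktop, and a sandbox driving Excel with a hidden, unmaximized window on a small virtual screen) to show which cells end up holding different values. The meaning attached to each type_num follows the Excel 4.0 macro function reference as summarized in the comments and is an assumption of this example; the truncated last line of the dump is omitted rather than guessed.

```python
import re

# Constructed sample input: the secondary-macro lines quoted on the page. The
# page's last line is truncated ("+..."), so it is left out rather than guessed.
DUMPED_MACRO = """\
=CLOSE(FALSE)
=FORMULA(LEN(APP.MAXIMIZE())+-459,Sheet1!R18690C129)
=FORMULA(LEN(GET.WINDOW(7))+-131,Sheet1!R18691C129)
=FORMULA(LEN(GET.WINDOW(20))+-893,Sheet1!R18692C129)
=FORMULA(LEN(GET.WINDOW(23)=3)+433,Sheet1!R18693C129)
=FORMULA(LEN(GET.WORKSPACE(31))+864,Sheet1!R18694C129)
"""

# Environment-dependent XLM calls used by the dump, with the meaning of each
# type_num as given in the Excel 4.0 macro function reference (assumed here).
ENV_CALLS = {
    "APP.MAXIMIZE()":    "maximizes the Excel window; returns TRUE on success",
    "GET.WINDOW(7)":     "TRUE if the active window is hidden",
    "GET.WINDOW(20)":    "TRUE if the active window is maximized",
    "GET.WINDOW(23)":    "window state: 1 restored, 2 minimized, 3 maximized",
    "GET.WORKSPACE(13)": "usable workspace width in points",
    "GET.WORKSPACE(31)": "TRUE if the macro is being single-stepped (debugger)",
}

# Two hypothetical environment profiles (constructed for this example).
REAL_DESKTOP = {
    "APP.MAXIMIZE()": True, "GET.WINDOW(7)": False, "GET.WINDOW(20)": True,
    "GET.WINDOW(23)": 3, "GET.WORKSPACE(13)": 1400, "GET.WORKSPACE(31)": False,
}
HEADLESS_SANDBOX = {  # Excel driven invisibly on a small virtual screen
    "APP.MAXIMIZE()": True, "GET.WINDOW(7)": True, "GET.WINDOW(20)": False,
    "GET.WINDOW(23)": 1, "GET.WORKSPACE(13)": 640, "GET.WORKSPACE(31)": False,
}

FORMULA_RE = re.compile(r"^=FORMULA\((?P<expr>.+),(?P<cell>Sheet\d+!R\d+C\d+)\)$")
LEN_PLUS_RE = re.compile(r"^LEN\((?P<check>.+)\)\+(?P<const>-?\d+)$")
CALL_RE = re.compile(r"(?:GET\.WINDOW|GET\.WORKSPACE|APP\.MAXIMIZE)\(\d*\)")


def xlm_len(value):
    """LEN() as XLM applies it: booleans render as TRUE/FALSE, numbers as text."""
    if isinstance(value, bool):
        return 4 if value else 5
    return len(str(value))


def evaluate_check(check, env):
    """Evaluate a probe such as GET.WINDOW(23)=3 or GET.WORKSPACE(13)>770 in env."""
    for op in ("=", ">", "<"):  # only the comparison forms seen in the dump
        if op in check:
            lhs, rhs = check.split(op, 1)
            left, right = env[lhs.strip()], int(rhs)
            return {"=": left == right, ">": left > right, "<": left < right}[op]
    return env[check.strip()]


def parse_formula_line(line):
    """Return (check, constant, target_cell) for a =FORMULA(LEN(check)+c,cell) line."""
    m = FORMULA_RE.match(line.strip())
    if not m:
        return None
    n = LEN_PLUS_RE.match(m.group("expr"))
    if not n:
        return None
    return n.group("check"), int(n.group("const")), m.group("cell")


def resolve(dump, env):
    """Map each target cell to the number the macro would write under env."""
    out = {}
    for line in dump.splitlines():
        parsed = parse_formula_line(line)
        if parsed:
            check, const, cell = parsed
            out[cell] = xlm_len(evaluate_check(check, env)) + const
    return out


def environment_sensitive_calls(dump):
    """Distinct environment probes in the dump, in first-seen order."""
    seen = []
    for call in CALL_RE.findall(dump):
        if call not in seen:
            seen.append(call)
    return seen


def diverging_cells(dump, env_a, env_b):
    """Cells whose written value differs between the two environments."""
    a, b = resolve(dump, env_a), resolve(dump, env_b)
    return sorted(cell for cell in a if a[cell] != b[cell])


if __name__ == "__main__":
    for call in environment_sensitive_calls(DUMPED_MACRO):
        print(f"{call:20} {ENV_CALLS.get(call, '?')}")
    for name, env in (("real desktop", REAL_DESKTOP), ("headless sandbox", HEADLESS_SANDBOX)):
        print(name, resolve(DUMPED_MACRO, env))
    print("diverging:", diverging_cells(DUMPED_MACRO, REAL_DESKTOP, HEADLESS_SANDBOX))
```

Under the two profiles the cells for GET.WINDOW(7), GET.WINDOW(20) and GET.WINDOW(23)=3 receive different numbers, so any later formula that reads them sees different data in a sandbox than on a victim's desktop. That is the practical check to carry away: an XLM emulator or sandbox must answer these probes the way an interactive, maximized Excel window would, not with defaults, and the same parser can be pointed at the output of a macro-dumping tool to triage other sheets for the same probes.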