D

Deleted Member 3a5v73x

Haven't got any nice attachment in my main inbox lately, however I do receive quite a nice amount of questionable links which may lead to those. By the time I try them links are already dead. :D

outlook1.PNG
 
E

Eddie Morra

Maybe the macromalware is just a dropper and once executed, it can download the malicious executable that would have a higher ratio on VT.
That would be a logical explanation.

Most of the time, malicious Office VBA Macro's will simply act as an entry to gain code execution on the machine before deploying file-less script attacks or dropping another loader on the environment. Following this, the real payload normally comes into play.
 
E

Eddie Morra

I can try and investigate the attachment for you if you'd like and provide some malware analysis insight. I'm a bit bored these days, it'll spice things up.

Send me the attachment download in a PM - if you don't have it, I'll use the VT link and see if I can find the sample myself.
 

ticklemefeet

Level 22
Verified
I can try and investigate the attachment for you if you'd like and provide some malware analysis insight. I'm a bit bored these days, it'll spice things up.

Send me the attachment download in a PM - if you don't have it, I'll use the VT link and see if I can find the sample myself.
You changed your nickname again? This one is easier to pronounce. The sample is still in my inbox.