XLM Macros

Category : Malware Analysis

Macro OLEDUMP XLM
657 Players
4.3 (80)
Medium
  • Q1

    Sample1: What is the document decryption password?

    • Weight : 100 | Solved : 378
    • Weight : 200 | Solved : 363
    • Weight : 200 | Solved : 365
    • Weight : 200 | Solved : 337
    • Weight : 200 | Solved : 337
    • Weight : 500 | Solved : 304
    • Weight : 100 | Solved : 306
    • Weight : 300 | Solved : 301
    • Weight : 400 | Solved : 288
    • Weight : 600 | Solved : 305
    • Weight : 600 | Solved : 285
    • Weight : 400 | Solved : 282
    • Weight : 500 | Solved : 283
    • Weight : 800 | Solved : 289

    • Instructions:

    Use the password "cyberdefenders.org" to uncompress challenge files and inspect samples.

    Recently, we have seen a resurgence of Excel-based malicous office documents. Howerver, instead of using VBA-style macros, they are using older style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.

    Samples:

    • Sample1: MD5: fb5ed444ddc37d748639f624397cff2a
    • Sample2: MD5: b5d469a07709b5ca6fee934b1e5e8e38


    Helpful Tools:

    • REMnux VM
    • XLMDeobfuscator
    • OLEDUMP with PLUGIN_BIFF
    • Office IDE

    Suggested Resources:

    Sign in to Download challenge

    Need Help?

    Join our Discord server, connect with fellow defenders, and get help while solving challenges.
    • SHA1SUM:
      35fb4497de1633d6887fd1453ee1426ca627eeec
    • Password:
      cyberdefenders.org
    • Size:
      174K
    • Published:
      Feb. 16, 2021
    First blood

    poisonous

    770 days ago

    Last solve

    0xS1rx58

    today

    Authors

    Josh Stroschein