WordVBAMacro

VBA macro dropper embedded within a Microsoft Word OOXML document. It creates a Shell with the CreateObject API, hides strings with Chr() character concatenation, and uses loop filler pseudocode blocks for anti-analysis. The module and Sub names are hidden.

Threat Profile
Type: Loader
Programming Language: VBA
C2 Protocol: custom
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • Document Dropper
No C2 servers have been identified for this family yet.

Research Reports (1)

Medium

WordVBAMacro 58e3a3cd -- vbaProject-bin CreateObject Chr122-string-obfuscation Loop-filler mpn_F2Jws jPWM1x5r-sub-routine OOXML-word-2007-macro-dropper | Medium

WordVBAMacro 58e3a3cd, Word 2007+ OOXML, 243KB. vbaProject.bin VBA macro. CreateObject dropper API. Chr(122) string hiding. Loop filler anti-analysis. Hidden module: mpn_F2Jws, Sub: jPWM1x5r.
