WordVBAMacro
VBA macro dropper embedded within a Microsoft Word OOXML document. It creates a Shell object through the CreateObject API, hides strings with Chr() character concatenation, pads the code with loop-filler pseudocode blocks as anti-analysis, and uses a hidden module/Sub name.
Threat Profile
Type: Loader
Programming Language: VBA
C2 Protocol: custom
First Seen: 2024
Targets
Global
Purpose / Capabilities
- Document Dropper
No C2 servers have been identified for this family yet.
Research Reports (1)
WordVBAMacro 58e3a3cd -- vbaProject-bin CreateObject Chr122-string-obfuscation Loop-filler mpn_F2Jws jPWM1x5r-sub-routine OOXML-word-2007-macro-dropper | Medium
WordVBAMacro 58e3a3cd Word 2007+ OOXML 243KB. vbaProject.bin VBA macro. CreateObject dropper API. Chr(122) string hiding. Loop filler anti-analysis. Hidden module: mpn_F2Jws, Sub: jPWM1x5r.