More Steganography!

SUMMARY :

A malicious Excel file using steganography was analyzed, revealing embedded XLS sheets and a complex infection chain. The file downloads an HTA file that creates a BAT file, which in turn generates and executes a VBS file. The VBS file fetches a VBA script that creates and runs a PowerShell script. The PowerShell script downloads an image containing a hidden payload delimited by specific tags. The payload is a Base64-encoded PE file, which is decoded and executed as a DLL. The final payload appears to be a Katz stealer. This analysis highlights the use of multiple file types and steganography techniques to evade detection.

OPENCTI LABELS :

powershell,excel,steganography,base64,vbs,hta,dll,katz stealer


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


More Steganography!