[SANS ISC] Windows Batch File Deobfuscation

I published the following diary on isc.sans.org: “Windows Batch File Deobfuscation”:

Last Thursday, Brad published a diary about a new ongoing campaign delivering the Emotet malware. I found another sample that looked the same. My sample was called ‘Order-42167322776.doc’ (SHA256:4d600ae3bbdc846727c2922485f9f7ec548a3dd031fc206dbb49bd91536a56e3) and looked the same as the one analyzed by Brad. The infection chain was almost the same…

[The post [SANS ISC] Windows Batch File Deobfuscation has been first published on /dev/random]

Article Link: https://blog.rootshell.be/2018/07/26/sans-isc-windows-batch-file-deobfuscation/