This morning I observed an Internet Shortcut file (sha256:0817cd8b0118e2f023342ad016ef443fd4c2e4657a373f9023807a231d16b0fa – Fattura Elettronica 11817929720.url) designed to compromise an Italian organization, containing these instructions: The .lnk file in its turn showed the following commands: This instructions are designed to perform two main actions: it moves a file and then starts it. First, Continue Reading
A Reverse Engineer’s journey with PowerShell and XWorm
Every now and then you come across new malware variants and find something that attracts a little attention. A few days ago I acquired a VBS file, directed via a malspam campaign against an Italian organization, that was approximately 409 MB in size (sha256:ADF773B49D8306E08B5232039E0DEA143E2C015CDC731F1BE86D7DD92FCCA6A9). After thinking I might find something Continue Reading