Nwinternights
Yes Brad, sorry, I meant olefile...
With the full version of oletools it's possible to extract the malicious file inside a doc (not only macros). @spender-sandbox, I'm not so confident in Python, but with a...
It would be useful to instruct human.py to mouse over the screen before clicking when there is a PPT slideshow. I'm trying to play with the code (inverting the action), but for...
By the way, in my opinion @doomedraven gave the answer. I think the best way is to dissect the PowerPoint with sflock and do static analysis using YARA, Cuckoo custom...
@machmalfix, did you solve it? I have the same problem with f89ab57d24c9daa981006ac3e7f390d0. I'm trying to play with human.py.
@doomedraven any idea?
https://github.com/brad-accuvant/cuckoo-modified/issues/140
Probably your sample is a sort of Cerber that is trying to connect to multiple C&Cs. Normal behaviour. To speed up the reverse lookup task, take a look here: https://github.com/spender-sandbox/cuckoo-modified/issues/385
@doomedraven okay, thanks as always.
I have VirtualBox. I was looking at this: https://github.com/nsmfoo/antivmdetection