
SANS ISC: Maldoc Analysis With CyberChef SANS ISC InfoSec Forums

Maldoc Analysis With CyberChef

In the diary entry "Maldoc Strings Analysis", I show how to analyze a malicious document by extracting and decoding strings with command-line tools.

In this video, I analyze the same malicious Word document, using CyberChef only. This is possible because this particular maldoc contains a very long string with the payload, and this string can be extracted without parsing the structure of this .doc file.

I pasted the recipe on pastebin here.

Didier Stevens
Senior handler
Microsoft MVP


Jan 10th 2021
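
The observation in the diary, that the very long payload string can be found in the raw bytes without parsing the .doc structure, shown as an added Python example (this is not the CyberChef recipe from the diary and not the author's code). The sample bytes, the `MIN_LEN` threshold and the function names are constructed for illustration; decoding the extracted string is left to the recipe.

```python
import re

MIN_LEN = 8  # assumption: ignore printable runs shorter than this

# Printable ASCII runs, and the same characters stored as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(data: bytes):
    """Return (offset, encoding, text) for every printable run in data.

    The file is treated as an opaque byte blob: no OLE parsing at all.
    """
    found = []
    for m in ASCII_RUN.finditer(data):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(data):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return found


def longest_strings(data: bytes, top: int = 3):
    """Return the `top` longest strings; an embedded payload stands out here."""
    ranked = sorted(extract_strings(data), key=lambda s: len(s[2]), reverse=True)
    return ranked[:top]


# Constructed sample: OLE magic bytes, two ordinary short strings and one
# very long placeholder string standing in for the payload.
LONG = "CONSTRUCTED-PAYLOAD-" * 30
SAMPLE = (
    bytes.fromhex("d0cf11e0a1b11ae1") + b"\x00" * 16
    + b"Microsoft Word 97-2003" + b"\x00\x03"
    + "Normal.dotm".encode("utf-16le") + b"\x01\x02"
    + LONG.encode("ascii") + b"\x00\x00"
)

if __name__ == "__main__":
    for offset, encoding, text in longest_strings(SAMPLE):
        print(f"offset={offset:#06x} enc={encoding:8} len={len(text):4} {text[:40]!r}")
```

On a real sample, read the document with `open(path, "rb").read()` and pass the bytes to `longest_strings`.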
