Recently, we have seen a resurgence of Excel-based malicious Office documents. However, instead of using VBA-style macros, they use older-style Excel 4.0 macros. This changes our approach to analyzing these documents and requires a slightly different set of tools. In this challenge, you’ll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.
You can find the exercise, artifacts and full walk-through on my GitHub at https://github.com/jstrosch/malware-samples/tree/master/malware_analysis_exercises/2021/February.
Looking for more of a challenge? Try this on CyberDefenders as part of their CTF! https://cyberdefenders.org/labs/55