SANS ISC Diary - Analysis of a triple-encrypted AZORult downloader

03-02-2020 / In categories SANS ISC, News, 2020

AZORult, Macro, Malware, Phishing, SANS

Translation: CS

A Diary of mine was published today on the SANS Internet Storm Center. In this one we take a look at analysis of an interesting malicious document which turned out to be AZORult downloader. What made it stand out - among its other aspects - were 3 layers of home-grown encryption…

EDIT 04/02/2020: Tom from Threat Post liked the diary and wrote an article based on it - you may find it here.