https://cyberdefenders.org/labs/55
Recently, we have seen a resurgence of Excel-based malicious Office documents. However, instead of using VBA-style macros, they are using older-style Excel 4 macros. This changes our approach to analyzing these documents, requiring a slightly different set of tools. In this challenge, you'll get hands-on with two documents that use Excel 4.0 macros to perform anti-analysis and download the next stage of the attack.
It seems I can open the document in LibreOffice Calc and use the oledump tools without decrypting the password. However, msoffcrypto-tool does say it is encrypted:
$ msoffcrypto-tool -t -v sample1-fb5ed444ddc37d748639f624397cff2a.bin
msoffcrypto also has a cracking tool:
$ msoffcrypto-crack.py sample1-fb5ed444ddc37d748639f624397cff2a.bin
VelvetSweatshop
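One way to reproduce the "is it encrypted" check by hand, as an added example (not part of the original write-up and not msoffcrypto's own code): walk the BIFF8 records of the Workbook stream and look for a FILEPASS record. It assumes the sample is a legacy .xls workbook; the helper names and the byte strings are constructed stand-ins for a stream dumped with oledump.

```python
import struct

BOF, EOF, FILEPASS = 0x0809, 0x000A, 0x002F  # BIFF8 record types

def biff_records(stream):
    """Yield (type, body) per BIFF8 record: u16 type, u16 size, then body."""
    pos = 0
    while pos + 4 <= len(stream):
        rtype, size = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4:pos + 4 + size]
        if len(body) < size:
            raise ValueError(f"truncated record 0x{rtype:04x} at offset {pos}")
        yield rtype, body
        pos += 4 + size

def encryption_scheme(stream):
    """Return None when the globals substream has no FILEPASS, else the scheme."""
    records = biff_records(stream)
    first = next(records, None)
    if first is None or first[0] != BOF:
        raise ValueError("stream does not start with a BIFF8 BOF record")
    for rtype, body in records:
        if rtype == EOF:          # end of globals substream, nothing found
            return None
        if rtype != FILEPASS:
            continue
        if len(body) >= 2 and body[:2] == b"\x00\x00":
            return "XOR obfuscation"
        if len(body) >= 6 and body[:2] == b"\x01\x00":
            major, minor = struct.unpack_from("<HH", body, 2)
            if (major, minor) == (1, 1):
                return "RC4"
            if major in (2, 3, 4) and minor == 2:
                return "RC4 CryptoAPI"
        return "unknown"
    return None

def rec(rtype, body=b""):  # build one record for the constructed samples
    return struct.pack("<HH", rtype, len(body)) + body

# Constructed sample streams (not taken from the lab file).
BOF_BODY = struct.pack("<HHHHII", 0x0600, 0x0005, 0x0DBB, 0x07CC, 0, 6)
PLAIN = rec(BOF, BOF_BODY) + rec(0x0042, struct.pack("<H", 1200)) + rec(EOF)
FILEPASS_RC4 = struct.pack("<HHH", 1, 1, 1) + bytes(48)  # RC4, v1.1, salt/verifier
PROTECTED = rec(BOF, BOF_BODY) + rec(FILEPASS, FILEPASS_RC4) + rec(EOF)

if __name__ == "__main__":
    for name, data in (("plain", PLAIN), ("protected", PROTECTED)):
        print(name, "->", encryption_scheme(data))
```

A FILEPASS hit on a workbook that still opens without a prompt is consistent with the default password VelvetSweatshop, which Excel tries on its own before asking the user.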