Static analysis of Rana’s (APT39) VBS malware sample.
Feb 10, 2022
The FBI identified several malicious VBS scripts used by Rana (APT39). The VBS malware was embedded in Microsoft Office documents. Once opened, the Office document deobfuscated and broke out two (2) scripts (see IOCs below).
The full FBI report can be found here.
The demo for this analysis can be found on my YouTube.