Malicious PPT No Macros
A really interesting sample recently came to light in which a mouse-hover event in PowerPoint invokes PowerShell to download a malicious .jse file. The PowerPoint file contains no macro code and uses a novel technique to invoke PowerShell, which then pulls down the malicious .jse file. I show you how to decode the .jse file and then deobfuscate its contents so you can extract key network indicators to protect your environment. Enjoy!
Sample MD5 3bff3e4fec2b6030c89e792c05f049fc
ii.jse MD5 f5b3d1128731cac04b2dc955c1a41114
Further Payload URL:
Downloaded Binary: MD5 d984f77b77b75c5c8c8cc2448c2b994d