Hello and welcome to the Tuesday, June 20th,

2003 edition of the Sands and Stormsendors Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

We've got a couple of interesting diaries over the long weekend.

First of all, Brad published another one of his walkthroughs.

This time, an other case of a forum book, actually. There's a little bit of focus of Brad this month.

It does arrive as an email with an Excel attachment. This attachment is actually exploiting a rather old vulnerability, 2017, and that is then

being used to load an executable.

This executable will, after a reboot, because that's how it makes itself persistent.

Also, download and base 64 encoded DLL

that then loads

Formbook. Formbook is

a pretty common

kind of piece of malware, has been

around for a while, and

Brad has been written about

this in the past. but it's one of those

mouse that sort of keeps changing, also the infection chain, how it ends up on system, keeps

changing.

Interesting that it uses this old war on ability here in this case, but that's also part of some

of this malware where it's going after systems

...