Forum Discussion

jjdeno99
2 months ago
Solved

Incident Response: Suspicious Email – Part 2 - Help Needed.

Hi, I'm currently trying to complete this lab but I'm stuck on step 10. I have tried to use the different tools at hand but I'm struggling to extract the VBA and getting the binaries for it. Any hel...
  • Sw33p
    2 months ago

    Hi there, I managed to solve that step by manually getting all the "DataDump" decimal numbers into one separate file, then proceeding to change the decimals to ASCII. With that you'll get a new file with partially readable text.
    I created a Python script to change the decimals to ASCII, but I suspect oletools has the capability for this as well; however, I'm unfamiliar with them so I just scripted something. Maybe there are further oletools labs which could provide the necessary background info.
    Before this I used olevba to extract the information of the binary file.
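
The decimal-to-ASCII step described in the reply above, as an added example that is not Sw33p's script and not part of the lab. It assumes the dump is a list of decimal byte values (0-255) with arbitrary separators; `SAMPLE` and the function names are constructed for illustration.

```python
import re

# Standalone integers only: digits glued to a name (e.g. "DataDump1") are ignored.
INT_TOKEN = re.compile(r"(?<![\w.])-?\d+(?![\w.])")

def decode_decimal_dump(text):
    """Convert a dump of decimal byte values into raw bytes.

    Returns (data, rejected); rejected holds tokens outside 0..255 so that
    unexpected values are surfaced instead of silently corrupting the output.
    """
    data = bytearray()
    rejected = []
    for tok in INT_TOKEN.findall(text):
        value = int(tok)
        if 0 <= value <= 255:
            data.append(value)
        else:
            rejected.append(tok)
    return bytes(data), rejected

def printable_strings(data, min_len=4):
    """Like strings(1): runs of printable ASCII at least min_len bytes long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]

# Constructed sample (not taken from the lab): a VBA-style array with a line
# continuation, non-printable bytes, and one out-of-range value (300).
SAMPLE = """DataDump1 = Array(0, 1, 99, 111, 110, 115, 116, 114, 117, 99, 116, 101, 100, _
  32, 115, 97, 109, 112, 108, 101, 255, 300, 111, 107)"""

if __name__ == "__main__":
    data, rejected = decode_decimal_dump(SAMPLE)
    print("decoded bytes :", data)
    print("rejected      :", rejected)
    print("readable runs :", printable_strings(data))
    # Write the decoded bytes to a file for further static analysis:
    # open("datadump.bin", "wb").write(data)
```

Decoding only produces bytes on disk; nothing from the document is executed, so this is safe to run on an analysis host.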