In this article, a direct continuation of the previous article, we analyze a C2 agent developed in .NET to identify how it evades defenses, the capabilities it offers, and how we can obtain indicators of compromise from it.

In this first part, we will analyze a malicious macro containing an embedded C2 agent. We will analyze how it acts, what techniques it uses to hinder analysis, and how we can obtain indicators of compromise from it.

In this article we analyze from scratch a malicious macro that has an embedded bind shell using static and dynamic analysis techniques.

Introduction to the blog, where I plan to document the different techniques one can use when analyzing malware, both statically and dynamically.