OK, so a while back (a few weeks ago) I got a malicious word document from a friend of a friend of an enemy. I though it would be kind of fun to dig into it and see what’s in it. I’ve also been wanting to do a post on something related to malware. So, two birds, one stone. Let’s do this.
I present to you, an analysis of the August information stealer (and associated dropper). August is a fairly new information stealer that has recently had a few articles/blog posts written on it. See: https://www.proofpoint.com/uk/threat-insight/post/august-in-december-new-information-stealer-hits-the-scene
This post is more about the process of analyzing the sample, rather than the conclusions drawn from the analysis. I have a copy of the original sample available for people to follow along.