A recently discovered malware family called Epic Manchego uses a clever trick to create malicious MS Excel files with minimal detection rates and an increased likelihood of bypassing security systems. By examining the security evasion methods used by attackers, you can understand what top-priority measures should be taken to protect systems from these types of attacks.
Description of the threat
"" 2020 , Excel. , . , , . "Have I Been Pwned?" , , , .
NVISO, " VirusTotal 200 , 27 , . , (, VPN)".
Epic Manchego
Office , , 4.
Microsoft Office Microsoft Office Excel, .NET EPPlus. Excel, .
4 drawing1.xml ( ) name="VBASampleRect" EPPLUS Wiki (), .
. , VBA , .
VBA-, , VBA . VBA (IDE) VBA.
DPB , , Office PowerShell.
PowerShell .
NVISO Labs, VBA, PowerShell, ActiveX, .
VBA - . , , (). DLL. DLL , , , , .
NVISO Labs, " , , , ".
, " ( ) ".
( 50 % ) AZORult, , . AgentTesla, Formbook, Matiex njRat, Azorult njRAT .
(EDR) (AV). Office . PowerShell, .
(maldoc), , . :
:
Epic Manchego, NVISO Labs.
.NET , ZDNet.