CyberChef for mal doc analysis

Recipe for Cyberchef

Strings('Single byte',258,'All printable chars (A)',false,false,false)

Find_/_Replace({'option':'Regex','string':'[\\[\\]\\n_]'},'',true,false,true,false)

Drop_bytes(0,124,false)

From_Base64('A-Za-z0-9+/=',true,false)

Decode_text('UTF-16LE (1200)')

Find_/_Replace({'option':'Regex','string':'[\'()+\'"`]'},'',true,false,true,false)

Find_/_Replace({'option':'Simple string','string':']b2H_'},'http',true,false,true,false)

Extract_URLs(false,false,false)

Split('@','\\n')

Defang_URL(true,true,true,'Valid domains and full URLs')