Reader Malware: ZIP/HTML Phish
Reader Henry submitted a malicious email attachment: a ZIP file.
It contains a PNG file and an HTML file.



The HTML file contains a script with hexadecimal-encoded content that can be decoded with base64dump.py.
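
The decoding step described above, as an added Python example (not part of the original diary and not base64dump.py's own code): it extracts long hexadecimal runs from `<script>` blocks, decodes them, and reports any URLs and password fields found. The sample HTML, the host login.example.invalid and the function names are constructed for illustration.

```python
import re

# Runs of at least 16 hex pairs; shorter runs are usually colours or ids.
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){16,}")
SCRIPT = re.compile(r"<script\b[^>]*>(.*?)</script>", re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+")
PASSWORD_FIELD = re.compile(r"type\s*=\s*[\"']?password", re.I)

def decode_hex_runs(html):
    """Return the decoded text of every long hex run inside <script> blocks."""
    decoded = []
    for body in SCRIPT.findall(html):
        for run in HEX_RUN.findall(body):
            # Undecodable bytes are replaced so binary payloads do not abort triage.
            decoded.append(bytes.fromhex(run).decode("utf-8", errors="replace"))
    return decoded

def triage(html):
    """Summarise what the decoded payloads contain, without rendering them."""
    report = {"payloads": 0, "urls": [], "password_field": False}
    for text in decode_hex_runs(html):
        report["payloads"] += 1
        report["urls"].extend(URL.findall(text))
        if PASSWORD_FIELD.search(text):
            report["password_field"] = True
    return report

# Constructed sample (assumption): stands in for the submitted attachment,
# which is not reproduced on this page.
_PAYLOAD = ('<form action="https://login.example.invalid/post">'
            '<input type="password" name="p"></form>')
SAMPLE_HTML = ("<html><body><img src='logo.png'>"
               "<script>var data='" + _PAYLOAD.encode().hex() + "';</script>"
               "</body></html>")

if __name__ == "__main__":
    print(triage(SAMPLE_HTML))
```
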


This is a phishing site for Microsoft credentials that starts with a captcha.




There's something more to this ZIP file: that's for the next diary entry.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com
YARA Release v4.1.3
This new release of YARA is just a bug fix release.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com