Reader Malware: ZIP/HTML Phish
Reader Henry submitted a malicious email attachment: a ZIP file.
It contains a PNG file and a HTML file:
The HTML file contains a script with hexadecimal code, that can be decoded with base64dump.py:
This is a phishing site for Microsoft credentials, that starts with a captcha:
There's something more to this zip file: that's for next diary entry.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com
Keywords:
0 comment(s)
YARA Release v4.1.3
This new release of YARA is just a bug fix release.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com
Keywords:
0 comment(s)
×
Diary Archives
Comments