SANS ISC: Reader Malware: ZIP/HTML Phish - SANS Internet Storm Center SANS ISC InfoSec Forums

Reader Malware: ZIP/HTML Phish

Reader Henry submitted a malicious email attachment: a ZIP file.

It contains a PNG file and an HTML file:

The HTML file contains a script with hexadecimal code, that can be decoded with

This is a phishing site for Microsoft credentials that starts with a captcha:

There's something more to this ZIP file: that's for the next diary entry.

Didier Stevens
Senior handler
Microsoft MVP


Oct 23rd 2021
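
The static decode step described in the diary, sketched as an added example (not the diary author's tool or code): it opens a ZIP attachment in memory, pulls hex runs out of `<script>` blocks in any HTML member, decodes them and lists the URLs they reveal. The file names, the `.invalid` URL and the two hex layouts handled (`\xNN` escapes and bare hex strings) are assumptions; the submitted sample's exact encoding is not shown on this page.

```python
import io
import re
import zipfile

SCRIPT_RE = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
ESCAPED_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")  # \x68\x74\x74... runs
BARE_RE = re.compile(r"(?<![0-9a-fA-F])(?:[0-9a-fA-F]{2}){16,}(?![0-9a-fA-F])")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")


def decode_hex_in_scripts(html):
    """Return the text decoded from every hex run found inside <script> blocks."""
    decoded = []
    for body in SCRIPT_RE.findall(html):
        runs = [m.replace("\\x", "") for m in ESCAPED_RE.findall(body)]
        runs += BARE_RE.findall(body)  # even-length runs only, so fromhex is safe
        decoded += [bytes.fromhex(r).decode("utf-8", errors="replace") for r in runs]
    return decoded


def triage_zip(zip_bytes):
    """Inspect a ZIP attachment in memory; nothing is extracted to disk or rendered."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            entry = {"size": info.file_size, "decoded": [], "urls": []}
            if info.filename.lower().endswith((".html", ".htm")):
                html = zf.read(info).decode("utf-8", errors="replace")
                entry["decoded"] = decode_hex_in_scripts(html)
                entry["urls"] = URL_RE.findall("\n".join(entry["decoded"]))
            report[info.filename] = entry
    return report


def build_sample():
    """Constructed stand-in for the submitted ZIP: one PNG and one HTML member."""
    hidden = "window.location='https://login.example.invalid/captcha'"
    html = "<html><script>var d='%s';</script></html>" % hidden.encode().hex()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.png", b"\x89PNG\r\n\x1a\n")  # constructed name, PNG magic only
        zf.writestr("invoice.html", html)                # constructed name and content
    return buf.getvalue()


if __name__ == "__main__":
    for name, entry in triage_zip(build_sample()).items():
        print(name, entry)
```

The decoded strings are only ever handled as text, so the attachment's script never executes during triage.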
