Reader Henry submitted a malicious email attachment: a ZIP file. It contains a PNG file and a HTML file: The HTML file contains a script with hexadecimal code, that can be decoded with base64dump.py: This is a phishing site for Microsoft credentials, that starts with a captcha: There's something more to this zip file: that's for next diary entry. Didier Stevens |
DidierStevens 638 Posts ISC Handler Oct 23rd 2021 |
Thread locked Subscribe |
Oct 23rd 2021 6 months ago |
Sign Up for Free or Log In to start participating in the conversation!