|
Reader Henry submitted a malicious email attachment: a ZIP file. It contains a PNG file and a HTML file:
The HTML file contains a script with hexadecimal code, that can be decoded with base64dump.py:
This is a phishing site for Microsoft credentials, that starts with a captcha:
There's something more to this zip file: that's for next diary entry. Didier Stevens |
DidierStevens 638 Posts ISC Handler Oct 23rd 2021 |
| Thread locked Subscribe |
Oct 23rd 2021 6 months ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
