Reader Henry submitted a malicious email attachment: a ZIP file.
It contains a PNG file and an HTML file.
The HTML file contains a script with hexadecimal code that can be decoded with base64dump.py.
The decoded content is a phishing site for Microsoft credentials that starts with a captcha.
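The hex-decoding step described above, as an added example (not the diary's code and not base64dump.py itself): it pulls the script blocks out of an HTML attachment and decodes any long hexadecimal runs so the hidden markup can be read without opening the file in a browser. The sample HTML, the `example.invalid` hostname, and the 32-character minimum run length are constructed assumptions.

```python
import re
from html.parser import HTMLParser

MIN_HEX_CHARS = 32  # assumption: shorter runs are likely colours, ids, etc.
HEX_RUN = re.compile(r"(?:[0-9A-Fa-f]{2}){%d,}" % (MIN_HEX_CHARS // 2))


class ScriptCollector(HTMLParser):
    """Collects the text content of every <script> element."""

    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data


def decode_hex_runs(html):
    """Return decoded text for each long hex run found inside <script> blocks."""
    collector = ScriptCollector()
    collector.feed(html)
    decoded = []
    for script in collector.scripts:
        for match in HEX_RUN.finditer(script):
            raw = bytes.fromhex(match.group(0))
            decoded.append(raw.decode("utf-8", errors="replace"))
    return decoded


# Constructed sample: a benign payload hex-encoded inside a script.
PAYLOAD = "<form action='https://example.invalid/login'>"
SAMPLE_HTML = "<html><script>var d='%s';</script></html>" % PAYLOAD.encode().hex()

if __name__ == "__main__":
    for text in decode_hex_runs(SAMPLE_HTML):
        print(text)
```

Decoded output that contains a `<form>` or a credential prompt is the cue to look at where the page would send its data.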
There’s something more to this ZIP file: that’s for the next diary entry.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.