Last Updated: 2021-10-23 22:07:58 UTC
by Didier Stevens (Version: 1)
Reader Henry submitted a malicious email attachment: a ZIP file.
It contains a PNG file and a HTML file:
The HTML file contains a script with hexadecimal code, that can be decoded with base64dump.py:
This is a phishing site for Microsoft credentials, that starts with a captcha:
There's something more to this zip file: that's for next diary entry.