SANS ISC

[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file

I published the following diary on isc.sans.org: “Malicious AutoIT script delivered in a self-extracting RAR file“.

Here is another sample that hit my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called “PO_5634_780.docx.html” (SHA1:d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT score (3/56) and contains a simple escaped Javascript code… [Read more]

One comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.