
Hackers will initially send a phishing email with a malicious HTML file attached and trick the victim into opening it.

Figure 1: Example of the phishing email. The malicious HTML file is shown inside the red frame.

Analysing the source code of the HTML document reveals JavaScript code whose content is obfuscated by Base64 encoding.

Figure 2: JavaScript code obfuscated by Base64 encoding

Another part of the code contains the script that is executed as soon as the HTML file is opened. The code converts the above obfuscated content to Blob (Binary Large Object) format, puts it into a hyperlink element, and triggers the download process.

Figure 3: Converted to Blob format and triggered the download process

Therefore, when the HTML file is opened, the browser will immediately download a file named "17045690_045147.zip".

Figure 4: The browser showed completion of downloading an unknown file. The downloaded zip file is shown inside the red frame.

We uploaded "17045690_045147.zip" to VirusTotal for scanning. Only 8 cyber security companies can identify it as a malicious file.

Figure 5: The scanning result of "17045690_045147.zip" on VirusTotal

After decompressing the "17045690_045147.zip" file, another file, "17045690_045147.img", is extracted.

Figure 6: "17045690_045147.img" is extracted after decompression

We uploaded "17045690_045147.img" to VirusTotal for scanning again.
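As an added example (not code from the original analysis), the following Python code shows how a mail gateway or analyst could statically triage an HTML attachment for the pattern described above: a Base64-encoded payload that is turned into a Blob and saved through a hyperlink. The regular expressions, the 40-character threshold, the function names and the sample strings are assumptions constructed for illustration.

```python
import base64
import re

# Script constructs the page describes: Base64 data -> Blob -> hyperlink -> download.
INDICATORS = {
    "blob": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"createObjectURL\s*\("),
    "download_attr": re.compile(r"\.download\s*=|setAttribute\(\s*['\"]download['\"]"),
    "auto_click": re.compile(r"\.click\s*\(\s*\)"),
}
B64_LITERAL = re.compile(r"[\"'`]([A-Za-z0-9+/]{40,}={0,2})[\"'`]")
DOWNLOAD_NAME = re.compile(r"\.download\s*=\s*[\"']([^\"']+)[\"']")
MAGIC = [(b"PK\x03\x04", "zip"), (b"MZ", "pe"), (b"\x1f\x8b", "gzip"),
         (b"7z\xbc\xaf\x27\x1c", "7z"), (b"Rar!\x1a\x07", "rar")]

def embedded_payloads(html):
    """Decode every long quoted Base64 literal and classify it by magic bytes."""
    found = []
    for match in B64_LITERAL.finditer(html):
        text = match.group(1)
        try:
            raw = base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
        except ValueError:  # looked like Base64 but does not decode cleanly
            continue
        kind = next((name for sig, name in MAGIC if raw.startswith(sig)), "unknown")
        found.append({"type": kind, "size": len(raw)})
    return found

def triage_html(html):
    """Flag an HTML file that both embeds a payload and saves it client-side."""
    hits = {name for name, rx in INDICATORS.items() if rx.search(html)}
    payloads = embedded_payloads(html)
    name = DOWNLOAD_NAME.search(html)
    suspicious = (bool(payloads) and {"blob", "object_url"} <= hits
                  and bool(hits & {"download_attr", "auto_click"}))
    return {"suspicious": suspicious, "indicators": sorted(hits),
            "payloads": payloads, "filename": name.group(1) if name else None}

# Constructed samples: the payload is only a ZIP signature plus zero padding,
# and decode() is deliberately left undefined in the sample script.
B64_SAMPLE = base64.b64encode(b"PK\x03\x04" + bytes(60)).decode()
SMUGGLING_SAMPLE = (
    '<html><body><script>var d = "' + B64_SAMPLE + '";'
    'var b = new Blob([decode(d)]); var a = document.createElement("a");'
    'a.href = URL.createObjectURL(b); a.download = "constructed_sample.zip";'
    'a.click();</script></body></html>')
BENIGN_SAMPLE = '<html><script>var token = "' + B64_SAMPLE + '";</script></html>'
```

Requiring the decoded payload and the Blob/download constructs together keeps pages that merely contain a long Base64 string from being flagged.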
