It has been a while since I discussed obfuscation techniques in malicious scripts. I found a VB script that pretends to be a PDF file. As usual, it was delivered through a phishing email with a zip archive. The filename is “rfw_po_docs_order_sheet_01_10_202400000000_pdf.vbs” (SHA256:6e6ecd38cc3c58c40daa4020b856550b1cbaf1dbc0fad517f7ca26d6e11a3d75[1])
Article Link: https://isc.sans.edu/diary/rss/30558