[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file

I published the following diary on isc.sans.org: “Malicious AutoIT script delivered in a self-extracting RAR file”.

Here is another sample that piqued my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called “PO_5634_780.docx.html” (SHA1: d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT score (3/56) and contains simple escaped JavaScript code…

[The post “[SANS ISC] Malicious AutoIT script delivered in a self-extracting RAR file” was first published on /dev/random]

Article Link: https://blog.rootshell.be/2017/08/25/sans-isc-malicious-autoit-script-delivered-self-extracting-rar-file/