Yesterday I received an email to notify me of a case that looked like a malicious Google sponsored ad result. I tried to make sense of it, unraveling some obfuscated JavaScript, then stages of Batch and PowerShell (with some interesting code comments), leading to an InnoSetup installer of an unexpected SVN application -- a bundle pre-packaging the legitimate software, but with a modified malicious DLL.
Turns out to be what seems like an endpoint-specific derivative of something seen as a browser-based phishing kit... that I don't know if I have seen many folks talk about before? 👀 I really had fun recording this one and poking through these -- also, I say "presumably" WAY too many times in this video. (... presumably) https://youtu.be/NIi4i9IjshM
Google served me Malware