Modiloader From Obfuscated Batch File, (Mon, Dec 23rd)
SANS Internet Storm Center, InfoCON: green 2024-12-23
Summary:
My last investigation is a file called “Albertsons_payment.GZ”, received via email. The file looks like an archive but is identified as a picture by TrID: