Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region
released on 2024-04-05 @ 05:17:41 PM
This analysis examines a phishing campaign targeting the Latin American region. The malicious email carries a ZIP file attachment containing an HTML file, which leads to the download of a malicious file disguised as an invoice. The campaign uses techniques such as newly created domains, geolocation-based redirection, and obfuscated code to evade detection and deliver malware payloads, and it shows similarities to previous 'Horabot' campaigns.