Modiloader From Obfuscated Batch File, (Mon, Dec 23rd)

My last investigation involves a file called “Albertsons_payment.GZ”, received via email. The file looks like an archive but is identified as a picture by TrID:

This article has been indexed from SANS Internet Storm Center, InfoCON: green
