Analysis and Deobfuscation of Malicious VBScript URSnif Dropper

Introduction On June 25, 2020 I came across the following Tweet posted by @ps66uk emails have an originating IP of WHOIS: Indiana Department of Education@EducateIN — ps66uk (@ps66uk) June 25, 2020 It appears that the victims received a phishing email with a  link to download a ZIP file through Firefox Send. Upon downloading […]