Sage 2.0 Ransomware

Forum for analysis and discussion about malware.

Post by Xylitol » Fri Feb 10, 2017 11:24 pm

Ransomware delivered via spam; there is a detailed article about Sage here: https://isc.sans.edu/forums/diary/Sage+ ... are/21959/
I found that by error: the mail is disguised as PayPal and leads the user to a malware download, so it was positive to my phishing filters. I wasn't expecting this. :ugeek:

hostile link: https://www.virustotal.com/en/url/2d5d2 ... 486767022/
js downloader: https://www.virustotal.com/en/file/e66b ... 486767034/ leading to https://www.virustotal.com/en/url/68d26 ... 486817871/
sage: https://www.virustotal.com/en/file/ac3f ... 486754324/
call home: mbfce24rgn65bx3g.op7su2.com - https://www.virustotal.com/en/ip-addres ... formation/

Post by xors » Sat Feb 11, 2017 11:47 pm

One more
@xorsthingsv2