Sage 2.0 Ransomware


Post by Xylitol » Fri Feb 10, 2017 11:24 pm

Ransomware delivered via spam; there is a detailed article about Sage here: https://isc.sans.edu/forums/diary/Sage+ ... are/21959/
I found that by accident: the mail is disguised as PayPal and leads the user to a malware download, so it came up positive in my phishing filters. I wasn't expecting this.

hostile link: https://www.virustotal.com/en/url/2d5d2 ... 486767022/
js downloader: https://www.virustotal.com/en/file/e66b ... 486767034/ leading to https://www.virustotal.com/en/url/68d26 ... 486817871/
sage: https://www.virustotal.com/en/file/ac3f ... 486754324/
call home: mbfce24rgn65bx3g.op7su2.com - https://www.virustotal.com/en/ip-addres ... formation/

Re: Sage 2.0 Ransomware

Post by xors » Sat Feb 11, 2017 11:47 pm

One more
