A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29949  by Xylitol
 Fri Feb 10, 2017 11:24 pm
Ransomware delivered via spam, there is a detailed article here about sage https://isc.sans.edu/forums/diary/Sage+ ... are/21959/
i found that by error, mail is disguised as Paypal and leading user on malware download and so it was positive to my my phishing filters, i wasn't expecting this. :ugeek:

hostile link: https://www.virustotal.com/en/url/2d5d2 ... 486767022/
js downloader: https://www.virustotal.com/en/file/e66b ... 486767034/ leading on https://www.virustotal.com/en/url/68d26 ... 486817871/
sage: https://www.virustotal.com/en/file/ac3f ... 486754324/
call home: mbfce24rgn65bx3g.op7su2.com - https://www.virustotal.com/en/ip-addres ... formation/
Attachments
infected
(228.64 KiB) Downloaded 170 times
 #29951  by xors
 Sat Feb 11, 2017 11:47 pm
One more
Attachments
password:infected
(210.8 KiB) Downloaded 138 times