Explained: Sage ransomware

March 29, 2017 by Malwarebytes Labs

 

Sage is yet another ransomware family that has become a common threat. Like Spora, it is capable of encrypting files offline. The malware is actively developed, and we are currently facing an outbreak of version 2.2 of this product.

Analyzed samples

    3686b6642cf6a3d97e368590557ac3f2 – JS downloader
    d8226b7697524c60eddd22a46b588ff7 – original payload (dropped by the script)
    159af0102877e71a1c3f5468bd02a8f3 – unpacked payload

Distribution method

Most often, Sage is dropped by downloader scripts distributed via phishing e-mails (office documents with malicious macros or standalone JS files). In the analyzed case, the sample was dropped via a JavaScript file.

 
