I published the following diary on isc.sans.edu: “A Fork of the FTCode Powershell Ransomware“:
Yesterday, I found a new malicious Powershell script that deserved to be analyzed due to the way it was dropped on the victim’s computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that it’s a file less macro. The malicious Base64 code is stored in multiples environment variables that are concatenated then executed through an IEX command… [Read more]
The post [SANS ISC] A Fork of the FTCode Powershell Ransomware appeared first on /dev/random.
1 post – 1 participant