A Fork of the FTCode Powershell Ransomware, (Thu, Aug 6th)

Read the original article: A Fork of the FTCode Powershell Ransomware, (Thu, Aug 6th)


Yesterday, I found a new malicious PowerShell script that deserved to be analyzed due to the way it was dropped on the victim's computer. As usual, the malware was delivered through a malicious Word document with a VBA macro. A first observation reveals that it's a fileless macro. The malicious Base64 code is stored in multiple environment variables that are concatenated then executed through an IEX command:
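A defender-side check for the staging pattern described above, added here as an example and not taken from the original diary: it flags script text (for instance from PowerShell script block logging, event ID 4104) that feeds two or more environment variables to IEX. The function names, severity labels and sample events are assumptions made for illustration.

```python
import re

# Environment-variable reads: $env:NAME, ${env:NAME}, or the .NET call.
ENV_NAME = re.compile(
    r"\$\{?env:(\w+)\}?|GetEnvironmentVariable\(\s*['\"](\w+)['\"]",
    re.IGNORECASE,
)
IEX = re.compile(r"\b(?:iex|invoke-expression)\b", re.IGNORECASE)
B64_DECODE = re.compile(r"FromBase64String", re.IGNORECASE)


def normalize(script_text):
    """Drop backtick and caret escapes that are used to split keywords."""
    return re.sub(r"[`^]", "", script_text)


def classify(script_text):
    """Return 'high', 'medium' or None for one script block or command line."""
    text = normalize(script_text)
    # Count distinct variable names so one variable read twice is not a hit.
    names = {(a or b).lower() for a, b in ENV_NAME.findall(text)}
    if not IEX.search(text) or len(names) < 2:
        return None
    # Base64 decoding of the joined value matches the described chain fully.
    return "high" if B64_DECODE.search(text) else "medium"


# Constructed sample events (not taken from the analyzed document).
SAMPLES = [
    "IEX ([Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($env:p1 + $env:p2 + $env:p3)))",
    "i`e`x ($env:a + ${env:b})",
    'Write-Output "$env:USERNAME on $env:COMPUTERNAME"',
    "Invoke-Expression $env:BUILD_CMD",
]


def triage(events):
    """Pair each flagged event with its severity, skipping clean ones."""
    return [(sev, e) for e in events if (sev := classify(e))]


if __name__ == "__main__":
    for severity, event in triage(SAMPLES):
        print(f"[{severity}] {event}")
```

The single-variable `Invoke-Expression $env:BUILD_CMD` case is deliberately left unflagged to keep noise from build tooling down; lower the threshold if that trade-off does not suit your environment.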

