JS_POWMET malware is 100% fileless, from infection to payload

Discussion in 'malware problems & news' started by itman, Aug 2, 2017.

  1. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,267
    Location:
    U.S.A.
    https://www.scmagazine.com/search/Trend Micro/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,267
    Location:
    U.S.A.
    Does the regsrv32 command line options look familiar folks?
    http://blog.trendmicro.com/trendlab...e/look-js_powmet-completely-fileless-malware/
     
  3. Sordid

    Sordid Registered Member

    Joined:
    Oct 25, 2011
    Posts:
    235
  4. NormanF

    NormanF Registered Member

    Joined:
    Feb 20, 2009
    Posts:
    2,361
    Culprit is Powershell. Disable it or remove it to mitigate fileless malware attacks.
     
  5. guest

    guest Guest

    there is several techniques to load powershell scripts without powershell.exe.
    This malware could be modified to do it.
     
  6. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,267
    Location:
    U.S.A.
    You stop malware like this by using a security solution that monitors what is written to registry run and run once keys. Anything after that point is a losing effort.
     
  7. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    8,868
    Location:
    U.S.A. (South)
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.