
A new attack has arisen and I wondered if your Premium version of Malwarebytes software stops the attack?

LINK

...security researchers have uncovered a new and sophisticated piece of malware that infects systems and steals data without installing any file onto the targeted system.

Researchers dubbed this persistent malware Poweliks. It resides in the computer registry only and is therefore not as easily detectable as other typical malware, which installs files on the affected system that can be scanned by antivirus or anti-malware software.

According to Paul Rascagneres, Senior Threat Researcher and Malware Analyst at GData Software, due to the malware's subsequent, step-after-step execution of code, the feature set is similar to the stacking principle of the Matryoshka doll approach.

Paul has made a name ripping apart malware and bots to uncover and undermine cyber crimes. He won last year's Pwnie Award at Black Hat Las Vegas for tearing through the infrastructure of the Chinese hacker group APT1.

In order to infect a system, the malware spreads via emails through a malicious Microsoft Word document; after that it creates an encoded autostart registry key and, to remain undetectable, it keeps the registry key hidden, Rascagneres says.

The malware then creates and executes shellcode, along with a payload Windows binary that tries to connect to 'hard coded IP addresses' in an effort to receive further commands from the attacker.

 

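The quoted article says the malware persists through an encoded, hidden autostart registry key rather than a file on disk. The following is an added example, not code from the original post or from Malwarebytes: it parses a Windows "reg export" of the Run/RunOnce keys and flags entries whose value name contains non-printable characters or whose data is a long high-entropy blob. The sample export, the entry names, the thresholds and the scoring rules are all constructed assumptions for this example.

```python
import base64
import math
import re

# Heuristic thresholds; both are assumptions chosen for this example.
MIN_BLOB_LEN = 40       # shortest base64-alphabet run treated as an encoded blob
MIN_BLOB_ENTROPY = 4.0  # bits per character; paths and plain text sit well below

RUN_KEY_RE = re.compile(r"^\[(.*\\CurrentVersion\\Run(?:Once)?)\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')   # "name"=data lines
BLOB_RE = re.compile(r"[A-Za-z0-9+/=]{%d,}" % MIN_BLOB_LEN)

def _unescape(s):
    # .reg string syntax escapes backslash and double quote with a backslash
    return re.sub(r"\\(.)", r"\1", s)

def _entropy(s):
    probs = [s.count(c) / len(s) for c in set(s)]
    return -sum(p * math.log2(p) for p in probs)

def scan_run_keys(reg_export):
    findings, key = [], ""
    for line in reg_export.splitlines():
        if line.startswith("["):                     # key header: track only Run keys
            m = RUN_KEY_RE.match(line)
            key = m.group(1) if m else ""
            continue
        m = VALUE_RE.match(line)
        if not key or not m:
            continue
        name, data = _unescape(m.group(1)), m.group(2)
        if data.startswith('"') and data.endswith('"'):  # REG_SZ; hex:/dword: left raw
            data = _unescape(data[1:-1])
        reasons = []
        if any(not 0x20 <= ord(ch) <= 0x7E for ch in name):
            reasons.append("non-printable characters in value name")
        if any(_entropy(b) >= MIN_BLOB_ENTROPY for b in BLOB_RE.findall(data)):
            reasons.append("long high-entropy blob in value data")
        if reasons:
            findings.append({"key": key, "name": name, "reasons": reasons})
    return findings

# Constructed sample in "reg export" syntax (not a real capture): one ordinary entry, one hidden/encoded.
ENCODED_BLOB = base64.b64encode(b"stand-in for an encoded payload: " + bytes(range(256))).decode()
SAMPLE_REG_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]",
    '"OneDrive"="\\"C:\\\\Users\\\\alice\\\\AppData\\\\Local\\\\OneDrive.exe\\" /background"',
    '"\x01"="' + ENCODED_BLOB + '"',
])
```

Calling `scan_run_keys(SAMPLE_REG_EXPORT)` returns only the second entry, with both reasons; a real export produced with `reg export` on a live machine can be fed in the same way.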

https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html

 

The Poweliks installer (creates the registry keys):
4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb
e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa

 

https://www.virustotal.com/nb/file/4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb/analysis/

https://www.virustotal.com/nb/file/e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa/analysis/

 

Office documents using CVE-2012-0158: File type is not targeted by MBAM
74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9
88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5

 

https://www.virustotal.com/nb/file/74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9/analysis/

https://www.virustotal.com/nb/file/88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5/analysis/


Hi:

Welcome.


How does one remove the Poweliks malware?


Malware diagnosis and disinfection are conducted in a dedicated, specialized area of the forum.
If you think you might be infected, I suggest that you please follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers.
A malware analyst will assist you with looking into your issue.

Thanks,
