.. /.Ps1

Executable

Script

Contributors:

mr.d0x

Description:

PS1 is a Windows PowerShell file. PowerShell is a Windows scripting language. PowerShell is often used by fileless malware to run in memory making them more dangerous and harder to detect.

OS:

Windows

Recommendation:

Block the download and execution of PS1 files.

Resources:

https://www.varonis.com/blog/fileless-malware/

https://cofense.com/analysts-view-surging-powershell-based-malware/

File Samples:

https://www.joesandbox.com/analysis/444594/0/html

https://www.joesandbox.com/analysis/436762/0/html