Author Topic: Spora Ransomware (Read 4106 times)

Be Secure · « **on:** January 11, 2017, 09:23:55 AM »

Spora Ransomware

SHA256:   3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553
File name:   spora.hta
Detection ratio:   9 / 55
Analysis date:   2017-01-11 08:20:29 UTC ( 0 minutes ago )
V.T-https://www.virustotal.com/en/file/3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553/analysis/1484122829/
Avast failed to block this new sample(Ransomware). SUD to Avast Lab.

Malware Analysis Report: https://www.hybrid-analysis.com/sample/3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553?environmentId=100

REDACTED · « **Reply #1 on:** February 16, 2017, 07:44:24 AM »

How do I get rid of this Malware? Avast does not even pick it up!

Pondus · « **Reply #2 on:** February 16, 2017, 08:03:00 AM »

Quote from: Dirk66 on February 16, 2017, 07:44:24 AM

How do I get rid of this Malware? Avast does not even pick it up!

Follow instructions here >> https://forum.avast.com/index.php?topic=194892.0
Then start your own topic and attach requested logs

REDACTED · « **Reply #3 on:** February 16, 2017, 08:27:49 AM »

i have test in vmware , avast blocked this ransomware . but avast doesnt delete the sample like .hta , .js

TrueIndian · « **Reply #4 on:** February 16, 2017, 11:55:26 AM »

I think its better off sending the undetected files to submit AT virus DOT avast DOT com.

Avast is detecting spora by the way:
https://virustotal.com/en/file/2637247ad66e6e57a68093528bb137c959cdbb438764318f09326fc8a79bdaaf/analysis/
https://virustotal.com/en/file/3251403ff9848ed520230a0fb8979ea4b5c8a4aa4e4a392da4c4458390f040db/analysis/

@ymchen did behav. shield pick up on the js file? because it should

Eddy · « **Reply #5 on:** February 16, 2017, 11:56:58 AM »

https://www.avast.com/faq.php?article=AVKB258

TrueIndian · « **Reply #6 on:** February 16, 2017, 12:02:54 PM »

FYI I found the .hta and js file that was reported and I have mailed it to avast

Ymchen,keep me posted on whether behav. shield picks it up or not.

REDACTED · « **Reply #7 on:** February 16, 2017, 01:09:21 PM »

Quote from: TI199 on February 16, 2017, 11:55:26 AM

I think its better off sending the undetected files to submit AT virus DOT avast DOT com.

Avast is detecting spora by the way:
https://virustotal.com/en/file/2637247ad66e6e57a68093528bb137c959cdbb438764318f09326fc8a79bdaaf/analysis/
https://virustotal.com/en/file/3251403ff9848ed520230a0fb8979ea4b5c8a4aa4e4a392da4c4458390f040db/analysis/

@ymchen did behav. shield pick up on the js file? because it should

this sample not a js file ,the file name extension is .hta , so behaviour shield doesnt pick up . i have test other new sample like .js file successfully blocked and quarantine sample by behaviour shield.

HonzaZ · « **Reply #8 on:** February 16, 2017, 04:52:24 PM »

I blocked the .hta files that TI199 sent me

TrueIndian · « **Reply #9 on:** February 16, 2017, 05:07:33 PM »

Quote from: HonzaZ on February 16, 2017, 04:52:24 PM

I blocked the .hta files that TI199 sent me

Thanks for protecting us!

Nice to hear ymchen

Author Topic: Spora Ransomware (Read 4106 times)

Be Secure

Spora Ransomware

REDACTED

Re: Spora Ransomware

Pondus

Re: Spora Ransomware

REDACTED

Re: Spora Ransomware

TrueIndian

Re: Spora Ransomware

Eddy

Re: Spora Ransomware

TrueIndian

Re: Spora Ransomware

REDACTED

Re: Spora Ransomware

HonzaZ

Re: Spora Ransomware

TrueIndian

Re: Spora Ransomware