Spora Ransomware

Spora Ransomware

SHA256: 3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553
File name: spora.hta
Detection ratio: 9 / 55
Analysis date: 2017-01-11 08:20:29 UTC ( 0 minutes ago )
V.T-https://www.virustotal.com/en/file/3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553/analysis/1484122829/
Avast failed to block this new sample(Ransomware). SUD to Avast Lab.

[b]Malware Analysis Report: https://www.hybrid-analysis.com/sample/3fb2e50764dea9266ca8c20681a0e0bf60feaa34a52699cf2cf0c07d96a22553?environmentId=100[/b]

How do I get rid of this Malware? Avast does not even pick it up! :-[

Follow instructions here >> https://forum.avast.com/index.php?topic=194892.0
Then start your own topic and attach requested logs

i have test in vmware , avast blocked this ransomware . but avast doesnt delete the sample like .hta , .js

I think its better off sending the undetected files to submit AT virus DOT avast DOT com. :slight_smile:

Avast is detecting spora by the way:
https://virustotal.com/en/file/2637247ad66e6e57a68093528bb137c959cdbb438764318f09326fc8a79bdaaf/analysis/
https://virustotal.com/en/file/3251403ff9848ed520230a0fb8979ea4b5c8a4aa4e4a392da4c4458390f040db/analysis/

@ymchen did behav. shield pick up on the js file? because it should

https://www.avast.com/faq.php?article=AVKB258

FYI I found the .hta and js file that was reported and I have mailed it to avast :slight_smile:

Ymchen,keep me posted on whether behav. shield picks it up or not.

this sample not a js file ,the file name extension is .hta , so behaviour shield doesnt pick up . i have test other new sample like .js file successfully blocked and quarantine sample by behaviour shield.

I blocked the .hta files that TI199 sent me :wink:

Thanks for protecting us! :slight_smile:

Nice to hear ymchen