k1ul3ss Posted April 6, 2016 ID:1031894 Share Posted April 6, 2016 I had a strange instance happen while testing a ransomware sample against MBAR. The sample was a variant of TeslaCrypt. When the sample was first run on the system, It was detected by MBAR. I then ran the sample a second time to show a co-worker. This time it was not detected, and encrypted files on the system. I have attached the files below for your review. Malware: TeslaCrypt MD5: b3c00819cc192c93b295e53cc5df37ce Virustotal analysis: https://virustotal.com/en/file/8c699e0b4fcaf632fd3c07808da0cc77aad6f219640e00690496a56bfed3b0d6/analysis/ Encrypted File.zip Malwarebytes Anti-Ransomware.zip MBAMService.zip Link to post Share on other sites More sharing options...
1PW Posted April 6, 2016 ID:1031901 Share Posted April 6, 2016 Hello k1ul3ss: Thank you kindly for the great data! Please confirm if the system in question was using Windows 7, 32-bit, and without Service Pack 1. Besides MBARW Beta6 (v0.9.15.416), what are the details of the other full-time, installed applications that make up that system's defense arsenal? Thank you again for participating in the beta testing of MBARW. Link to post Share on other sites More sharing options...
k1ul3ss Posted April 6, 2016 Author ID:1031950 Share Posted April 6, 2016 The OS is Windows 7, 32-Bit without Service Pack 1. The only security software installed is MBARW. Thanks Link to post Share on other sites More sharing options...
1PW Posted April 6, 2016 ID:1031973 Share Posted April 6, 2016 Thank you for the update. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now