Hi all.
I made an analysis of a ransomware malware, and the detection ratio is not so high.
Here is the VirusTotal results: https://www.virustotal.com/it/file/...0f0d465a8e8a1f5a53c6e875f6eba676678/analysis/
Detection ratio: 9/56
It is a ransomware, and Malwarebytes, as you can see, detects it as Ransom.TeslaCrypt.
Here are the host contacted:
And here are the IPs contacted:
Please be sure to do not open this sites on your web browser, they could be really dangerous!
Here are additional informations about the malware:
Filename: ooswbd.exe
MD5: ff647c0de1d0186f5e5e9819d09829d0
SHA1: 125f6d0820632b15e527a00f49dcf4556627084c
SHA256: 78d384fec2fed75aac1d42c1399fc0f0d465a8e8a1f5a53c6e875f6eba676678
I've also scanned 2 of the links above with JM Web Filter, and it detected them as surely malicious:
I made an analysis of a ransomware malware, and the detection ratio is not so high.
Here is the VirusTotal results: https://www.virustotal.com/it/file/...0f0d465a8e8a1f5a53c6e875f6eba676678/analysis/
Detection ratio: 9/56
It is a ransomware, and Malwarebytes, as you can see, detects it as Ransom.TeslaCrypt.
Here are the host contacted:
Code:
toolaria.com
diwali2k15.in
samuday.org
maxmpl.comAnd here are the IPs contacted:
Code:
160.153.49.102
64.20.35.186
50.31.14.17
103.27.87.88Please be sure to do not open this sites on your web browser, they could be really dangerous!
Here are additional informations about the malware:
Filename: ooswbd.exe
MD5: ff647c0de1d0186f5e5e9819d09829d0
SHA1: 125f6d0820632b15e527a00f49dcf4556627084c
SHA256: 78d384fec2fed75aac1d42c1399fc0f0d465a8e8a1f5a53c6e875f6eba676678
I've also scanned 2 of the links above with JM Web Filter, and it detected them as surely malicious:
![[correlate]](/data/avatars/s/79/79653.jpg?1556985072){kind=avatar}
