Ranstop stops zero-day, script-based Spora variant – TEMASOFT Lab Demo

Case subject – A zero-day Spora variant packed as a command line script

Today’s test uses a zero-day variant of Spora, disguised as a command line script. The file is distributed via email campaigns and, on execution, starts Microsoft Word and launches a background process that performs the actual encryption.

At the time of the recording, the package was not detected by any anti-virus engines listed on Virustotal and the payload was detected by 17 out of 61 solutions.

Case facts

TEMASOFT Ranstop detected the ransomware within several seconds, time in which the malware encrypted several tens of files. Next, the compromised files were recovered and, in parallel, the clean-up process removed the residual encrypted files and ransom notes. The malware executable was quarantined and an incident was logged in the TEMASOFT Ranstop Console.

Case Conclusion

TEMASOFT Ranstop managed to successfully block this zero-day ransomware packed in a way that eludes all anti-virus engines on Virustotal, and whose payload escapes most AV engines, at the time of the test.


Click here to watch TEMASOFT Ranstop in action (video)!

Virustotal details for the package;
Virustotal details for the payload;

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.