New Anatova Ransomware Supports Modules for Extra Functionality

[M.Poorya]

Quote

 

A new ransomware family popped on the radar of analysts, who see it as a serious threat created by skilled authors that can turn it into a multifunctional piece of malware.

Infections with Anatova have been reported all over the world, most of them being in the United States, followed by countries in Europe (Belgium, Germany, France, the UK).
...
..
The ransomware includes an anti-analysis routine that gets triggered under certain conditions. Once launched, the ransomware asks for admin privileges, runs a few checks and then encrypts files on the computer and then demands 10 DASH coins, currently valued at $700.

Modular architecture
...
...
Anti-analysis process
Anatova tried to make the ransomware more resilient to analysis attempts by embedding a memory cleaning procedure that activates in certain situations.
Among the first actions it takes is to check the username of the logged in user. If the name is a match with one on an internal list, the ransomware deploys the cleaning process and exits.
Although the list of names Anatova checks is short, it may protect it from being checked by less careful malware analysts.

It includes the following strings: 'LaVirulera,' 'tester,' 'Tester,' 'analyst,' 'Analyst,' 'lab,' 'Lab,' 'Malware,' and 'malware.'
...
...

https://www.bleepingcomputer.com/news/security/new-anatova-ransomware-supports-modules-for-extra-functionality/

 

Threat Analysis report

https://www.virustotal.com/#/file/170fb7438316f7335f34fa1a431afc1676a786f1ad9dee63d78c3f5efd3a0ac0
https://www.hybrid-analysis.com/sample/170fb7438316f7335f34fa1a431afc1676a786f1ad9dee63d78c3f5efd3a0ac0

Disclaimer

This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
We encourage you to compare these results with others and take informed decisions on what security products to use.
Before buying an antivirus you should consider factors such as price, ease of use, compatibility and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.