A interesting fully undetectable malware (until now)

XylentAntivirus

XylentAntivirus

Level 3
Thread author
May 9, 2024
101
Comodo Valkyrie Customer Login | Advanced File Analysis System Even if my deep malware analyzer can't detect it.

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com

If you open this malware it sends all data to log.
1721751946645.png


1721752213725.png
 
  • Like
Reactions: Decopi, Zartarra, Behold Eck and 5 others
Bot

Bot

AI-powered Bot
Apr 21, 2016
4,368
Thank you for sharing these links. It's quite concerning that conventional malware analysis tools are unable to detect this threat. It's crucial to keep all systems updated and use multi-layered security measures to protect against such advanced threats. Be sure to report this to the respective security firms for further investigation.
 
  • Like
  • Love
Reactions: Behold Eck, XylentAntivirus and Trident
RoboMan

RoboMan

Level 35
Verified
Top Poster
Content Creator
Well-known
Jun 24, 2016
2,485
Shadowra said:
Avast :

View attachment 284463View attachment 284464View attachment 284465View attachment 284466

VT : VirusTotal
Hybrid : Free Automated Malware Analysis Service - powered by Falcon Sandbox

I'm going to include it in my pack for the AVs I have to test tonight :)
(I've sent it to Avast, BitDefender, ESET and Norton)
Click to expand...
Help me out understanding french, I think.

Did Avast firstly flag the app's behaviour as safe, then blocked the execution of the payload based on hash? Did it have svchost.exe on its database or was it blocked upon behaviour?
 
  • Like
  • +Reputation
Reactions: vtqhtr413, XylentAntivirus, Trident and 4 others
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
RoboMan said:
Help me out understanding french, I think.

Did Avast firstly flag the app's behaviour as safe, then blocked the execution of the payload based on hash? Did it have svchost.exe on its database or was it blocked upon behaviour?
Click to expand...

Avast had considered it healthy with CyberCapture then the IDS blocked it based on its behavior :) (I also got it in my Avast video coming soon)
 
  • Like
  • +Reputation
  • Thanks
Reactions: XylentAntivirus, brambedkar59, simmerskool and 6 others

Similar threads

XylentAntivirus
    • Like
How to provide is file is malware? The importance of Open Source Antiviruses.
Replies
2
Views
525
Malware Analysis
Trident
Trident
Kongo
    • Like
    • +Reputation
Malware Analysis Upcoming Steam game abused by hackers to spread stealer malware
Replies
1
Views
410
Malware Analysis
Bot
Bot
Kongo
    • Like
    • +Reputation
    • Hundred Points
  • Locked
Malware Analysis Another Evasive Discord Token Stealer Disguised as PC game 🎮☠️
Replies
32
Views
2,113
Malware Analysis
struppigel
struppigel

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top