A interesting fully undetectable malware (until now)

[HydraDragonAntivirus]

Comodo Valkyrie Customer Login | Advanced File Analysis System Even if my deep malware analyzer can't detect it.

VirusTotal

VirusTotal

www.virustotal.com

VirusTotal

VirusTotal

www.virustotal.com

If you open this malware it sends all data to log.

 

[Bot]

Thank you for sharing these links. It's quite concerning that conventional malware analysis tools are unable to detect this threat. It's crucial to keep all systems updated and use multi-layered security measures to protect against such advanced threats. Be sure to report this to the respective security firms for further investigation.

 

[simmerskool]

I went to 163.5.112.21, ip was not blocked here and I got some sort of login page, did not appear to DL anything. I don't see your Twitter/X link. Not sure what I'm supposed to see or what to expect to happen...

 

[Shadowra]

@XylentAntivirus Can you send me the samples in PM for analysis? Thanks

 

[TuxTalk]

@XylentAntivirus Can you send me the samples in PM for analysis? Thanks

Me too lets test with ZA

 

[HydraDragonAntivirus]

I now uploading to MalwareBazaar.

 

[HydraDragonAntivirus]

MalwareBazaar | Browse Checking your browser Be careful. Please use VPN while doing analysis otherwise you got ip logged.

 

[tachion]

Hi look

 

[Sandbox Breaker - DFIR]

The file would still be contained for those using Xcitium
The signature on the file is also invalid
All in all... Nice find.

 

[Kongo]

Already detected by X-Sec:

 

[Sandbox Breaker - DFIR]

Already detected by X-Sec:

View attachment 284461

What engine are they using?

 

[Kongo]

What engine are they using?

 

[Shadowra]

Avast :

Spoiler: Avast Detection

VT : VirusTotal
Hybrid : Free Automated Malware Analysis Service - powered by Falcon Sandbox

I'm going to include it in my pack for the AVs I have to test tonight
(I've sent it to Avast, BitDefender, ESET and Norton)

 

[Andrew3000]

Kaspersky Threat Intelligence Portal

Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses

opentip.kaspersky.com

 

[HydraDragonAntivirus]

Only detection happened on my side is invalid signature.

 

[Sandbox Breaker - DFIR]

EDRs will also trigger because of system file masquerading.

 

[Shadowra]

Norton : detected SONAR

 

[RoboMan]

Avast :

Spoiler: Avast Detection

View attachment 284463View attachment 284464View attachment 284465View attachment 284466

VT : VirusTotal
Hybrid : Free Automated Malware Analysis Service - powered by Falcon Sandbox

I'm going to include it in my pack for the AVs I have to test tonight
(I've sent it to Avast, BitDefender, ESET and Norton)

Help me out understanding french, I think.

Did Avast firstly flag the app's behaviour as safe, then blocked the execution of the payload based on hash? Did it have svchost.exe on its database or was it blocked upon behaviour?

 

[Shadowra]

Help me out understanding french, I think.

Did Avast firstly flag the app's behaviour as safe, then blocked the execution of the payload based on hash? Did it have svchost.exe on its database or was it blocked upon behaviour?

Avast had considered it healthy with CyberCapture then the IDS blocked it based on its behavior (I also got it in my Avast video coming soon)

 

[Shadowra]

Microsoft Defender : detected. Congrats Microsoft !