You are right about everything. Kaspersky and ESET have very accurate detection. If you see a detection from them on VT, then that file is probably malicious. I always check them first to see the detection.
A interesting fully undetectable malware (until now)
- Thread starter XylentAntivirus
- Start date
- May 9, 2024
- 101
I find a issue on my side and fixed. I think it should detect right now because I broke code before.
- Jun 22, 2020
- 189
ok Bitdefender detected for ATC and now for signatures :3
Trojan.Agent.GLUC
Trojan.Agent.GLUC
- Sep 2, 2021
- 2,586
ok Bitdefender detected for ATC and now for signatures :3
Trojan.Agent.GLUC
3/4 days after my submission, like Avast...
- Feb 7, 2023
- 2,349
Signatures on this file are useless. Attackers repack it frequently. Only behavioural detections would work.
- Jan 6, 2022
- 520
Even Deep Learning Models are trending down. Too easy to evade/fool.
Even Analysts can be fooled. This is one of my favs that I posted. This one is a MS Threat Analyst
Malware Analysis - Evasive Sample - Bypassed MS
Signed sample pretending to be TeamViewer. It is a password stealer. As a DFIR Specialist it's easy to me. After submitting the sample to Microsoft... They said the file was clean. File has been in the wild for a week now. Welcome to the current state of insecurity. Happy hunting! VirusTotal
malwaretips.com
Xcitium Analyst Fooled
Malware Analysis - Malware/PUA listed as clean (again)
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT. https://verdict.xcitium.com/get_info?sha1=caaa052ae05d6032d8361e61fa22a686c6b5a392...
malwaretips.com
Last edited:
- Feb 7, 2023
- 2,349
That’s not from now. Deep Learning in the form of static analysis has always suffered with packers, because the only feature it can extract is that the file is packed. In some cases, this will be enough trigger detection. With the electron packages, it is not. They are very variable.
This kind of malware is better handled by reputation and behaviour.
There is no simple method is that is best and bulletproof, rather an ensemble of methods works together to provide what’s best for the case.
Signatures most of the time are useless. There are many groups abusing the electron package to distribute stealers and they push new variants daily.
- Jan 6, 2022
- 520
Agreed. Static analysis for binaries is tricky for ML models. I do see how electron apps can be a bad match up for a well trained model.
- Feb 7, 2023
- 2,349
Bitdefender signature comes late, but on my test it identified at least 3 variants of this malware.
- Mar 16, 2019
- 3,862
The main culprit of this malware is this obfuscated js file which ESET detects:
Though a vendor like ESET who are extremely good at creating very smart behavioral signatures that might be able to detect some new future variants, the best defense against these stealers is behavior blocking as @Trident suggested. So, the likes of Bitdefender and Kaspersky are likely to spend less time creating signatures and more time on training their behavior blocker on new tactics.
lokamoka820
Level 22
- Mar 1, 2024
- 1,140
In your opinion, what is the best antivirus with behavioral detection?
- Feb 7, 2023
- 2,349
For home users Kaspersky, Bitdefender and ZoneAlarm, followed by Avast and Norton. You won’t go wrong with any of them.
Similar threads
