BTS just updated its threat engine to v7.94981. Can you check whether it still detects?
Last edited:
Capcut fake stealer
- Thread starter likeastar20
- Start date
- Status
BTS just updated its threat engine to v7.94981. Can you check whether it still detects?
#sorrygomaster stealer
tria.ge
opentip.kaspersky.com
intelix.sophos.com
45392e18601c851f5dc2b7e725dec2c9cb0d97a1c67fe64c4ea8f19fe560437b | Triage
Check this report malware sample 45392e18601c851f5dc2b7e725dec2c9cb0d97a1c67fe64c4ea8f19fe560437b, with a score of 7 out of 10.
Kaspersky Threat Intelligence Portal
Kaspersky Threat Intelligence Portal allows you to scan files, domains, IP addresses, and URLs for threats, malware, viruses
Intelix Portal
Last edited by a moderator:
New Strela Stealer
tria.ge
strela | dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97 | Triage
Check this strela report malware sample dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97, with a score of 10 out of 10.
No, just wanted to share some new samples/stealers. Didnt want to create a new thread...
EDIT1: @Trident should I create a thread somewhere where i/we can share new samples? Malware Hub seems dead...
But the malwarehub had controlled access and these samples are out in the open… not sure if it’s a good idea to share them like that… better keep them here, it’s more concealed.
Can you upload this to Opentip or try with Kaspersky?New Strela Stealer
strela | dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97 | Triage
Check this strela report malware sample dbe8ea838881dbfc98b400c82aafc35b205af24418c5d058679a26aac6d0db97, with a score of 10 out of 10.
Opentip doesn't show any detection even after dynamic analysis. But I tested it in a VM a few hours ago. Kaspersky can detect it by System Watcher's PDM detection after execution.
9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046 | Triage
Check this report malware sample 9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046, with a score of 8 out of 10.
Last edited:
This one is a Ransomware. Detected by MD and ESET's LiveGuard. If LiveGuard is not available, then it can't detect or stop encryption. But now it's known to ESET cloud due to the LiveGuard's verdict so will be detected on all ESET systems.#stealer
9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046 | Triage
Check this report malware sample 9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046, with a score of 8 out of 10.
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
Some hours ago, I just decided to re-analyze (longer runtime, etc.) on Hybrid:
I would try to test this sample in VMware 17 Pro against Bitdefender Free. If still undetected on static... I will add details and screenshots later
At the time of my test, BD has no signatures, static: 0/1 - dynamic: 1*/1
Sample immediately blocked without removal this time
I tried to execute this sample again for several times but keep blocked only even after 10 minutes. No files encrypted!
Source: https://www.hybrid-analysis.com/sam...d843e9c4d3a0a57ee046/64b782a0587dc92c0202b299
I would try to test this sample in VMware 17 Pro against Bitdefender Free. If still undetected on static... I will add details and screenshots later
At the time of my test, BD has no signatures, static: 0/1 - dynamic: 1*/1
Sample immediately blocked without removal this time
I tried to execute this sample again for several times but keep blocked only even after 10 minutes. No files encrypted!
Last edited:
#stealer
9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046 | Triage
Check this report malware sample 9f37c8ca3285ea528cbf2327e3da9d46faa9426f47d7d843e9c4d3a0a57ee046, with a score of 8 out of 10.
Kaspersky : 1/1 (Encoder)
What has it encrypted?
Blocked by Deep Instinct's static AI
I had the same behavior on BDTS. Blocked but not removedSome hours ago, I just decided to re-analyze (longer runtime, etc.) on Hybrid:
Source: https://www.hybrid-analysis.com/sam...d843e9c4d3a0a57ee046/64b782a0587dc92c0202b299
I would try to test this sample in VMware 17 Pro against Bitdefender Free. If still undetected on static... I will add details and screenshots later
At the time of my test, BD has no signatures, static: 0/1 - dynamic: 1*/1
Sample immediately blocked without removal this time
View attachment 277301
Image files, doc files, zip files, etc.
- Aug 17, 2014
- 12,726
- 123,827
- 8,399
Update for my test with Bitdefender Free: VM was in suspended mode, I tried to check again, finally BD removed this sample to quarantine, detection named: Trojan.GenericKD...
Note: This will be my last post for testing samples, we all have to respect the new rules:
malwaretips.com
Note: This will be my last post for testing samples, we all have to respect the new rules:
By Staff - Malware Analysis Forum Rules
Malware Analysis Forum Rules A) Sample and URL sharing Always make sure to keep things safe No direct download links to suspicious or malicious samples are allowed, you can instead post hashes, virustotal links, or links to automatic sandbox analysis services like any.run, hybrid-analysis...
malwaretips.com
- Status
You may also like...
-
Another Evasive Discord Token Stealer Disguised as PC game 🎮☠️- Started by Kongo
- Replies: 32
-
Missed script malware by signature analysis- Started by Parkinsond
- Replies: 100
-
