Evasive VBS with very low VT

Status
Not open for further replies.
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
Kongo said:
Thanks guys for the explanation. I should really look more into Harmony... Even if I was a little sceptical it now seems like a well thought-through solution to me. (y)
Click to expand...
I am not gonna use something inferior :D
It's well thought out because you have Next-Gen AV that does the static analysis.
Then you have Kaspersky/Sophos to do the dynamic analysis and signatures.
ThreatCloud does the hash-based detection.
Full-blown emulation is available for true zero-days.
And finally, behavioural guard, anti-bot, anti-exploit, anti-ransomware and forensics cover runtime detections.
Malicious URL filter can block phishing, spam as well as secondary payloads from being downloaded.

That's every corner covered.
 
  • Like
  • +Reputation
Reactions: Nevi, SeriousHoax, roger_m and 2 others
Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
Trident said:
I am not gonna use something inferior :D
It's well thought out because you have Next-Gen AV that does the static analysis.
Then you have Kaspersky/Sophos to do the dynamic analysis and signatures.
ThreatCloud does the hash-based detection.
Full-blown emulation is available for true zero-days.
And finally, behavioural guard, anti-bot, anti-exploit, anti-ransomware and forensics cover runtime detections.
Malicious URL filter can block phishing, spam as well as secondary payloads from being downloaded.

That's every corner covered.
Click to expand...
Then they have @Trident and me to squash the remaining.
 
  • HaHa
Reactions: SeriousHoax, simmerskool, Kongo and 1 other person
Shadowra

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,309
Kongo said:
That was the reason why I tried to be sceptical as long as possible.. 😌
But no, Deep Instinct still seems like the better solution for my personal PC usage.
Click to expand...

Personally, I'm still testing Harmony on my virtual machine to see if everything is OK.
I've installed it on my mother's and my girlfriend's PCs to see too. My brother should be able to use it too.

And if all goes well, I'll be leaving DeepInstinct (which bothers me because I really like it, but I'm getting fed up with its AI and its false positives... ) and migrate to Harmony.
 
  • Like
  • +Reputation
Reactions: Nevi, simmerskool, Trident and 1 other person
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,505
Shadowra said:
Personally, I'm still testing Harmony on my virtual machine to see if everything is OK.
I've installed it on my mother's and my girlfriend's PCs to see too. My brother should be able to use it too.

And if all goes well, I'll be leaving DeepInstinct (which bothers me because I really like it, but I'm getting fed up with its AI and its false positives... ) and migrate to Harmony.
Click to expand...
Do that and I will be the only one using Deep Instinct here on MT at the moment. Then I can feel special again. 😄
But yeah, I would lie if I said that I wasn't inclined in trying Harmony by myself...
 
  • HaHa
  • Wow
Reactions: Nevi, Trident and Shadowra
Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
Shadowra said:
Personally, I'm still testing Harmony on my virtual machine to see if everything is OK.
I've installed it on my mother's and my girlfriend's PCs to see too. My brother should be able to use it too.

And if all goes well, I'll be leaving DeepInstinct (which bothers me because I really like it, but I'm getting fed up with its AI and its false positives... ) and migrate to Harmony.
Click to expand...
It's not hard to bypass (DI). With some work it's not hard. I like em to bro
 
  • Like
  • Wow
  • HaHa
Reactions: Nevi, simmerskool, Trident and 2 others
Trident

Trident

Level 28
Verified
Top Poster
Well-known
Feb 7, 2023
1,737
Kongo said:
Do that and I will be the only one using Deep Instinct here on MT at the moment. Then I can feel special again. 😄
Click to expand...
I used it long time ago, before I decide to deploy it here and there on business machines. I never deployed it fully, It didn't win my heart enough.
One of the DI founders is an ex-check pointer. There is a slight beef between the 2 companies.
 
  • Like
  • Wow
Reactions: SeriousHoax, simmerskool, Shadowra and 1 other person
Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
  • HaHa
  • Wow
  • Like
Reactions: [correlate], SeriousHoax, simmerskool and 3 others
Status
Not open for further replies.

Similar threads

L
    • Like
    • +Reputation
Evasive Sample
Replies
12
Views
1,683
Malware Analysis Archive
piquiteco
piquiteco
Sandbox Breaker
    • Like
    • +Reputation
Signed Sample - Very Suspect
Replies
5
Views
783
Malware Analysis Archive
harlan4096
harlan4096
Sandbox Breaker
    • Like
    • +Reputation
    • Applause
Malware Analysis Mystic Stealer Bypassing Sandboxes
Replies
50
Views
2,809
Malware Analysis Archive
Trident
Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top