Malware Analysis Malware/PUA listed as clean (again)

Sandbox Breaker

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
520
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.

verdict.xcitium.com

Xcitium Cloud Verdict

Scan Files Online using Comodo File Verdict Service that runs tens of different methods to analyze a file and display the detailed results in seconds
verdict.xcitium.com verdict.xcitium.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
 
  • Like
  • HaHa
Reactions: Zartarra, Nevi, simmerskool and 7 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Sandbox Breaker said:
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.

verdict.xcitium.com

Xcitium Cloud Verdict

Scan Files Online using Comodo File Verdict Service that runs tens of different methods to analyze a file and display the detailed results in seconds
verdict.xcitium.com verdict.xcitium.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Click to expand...
Could you share the sample please?
 
  • Like
Reactions: Nevi, roger_m, Dave Russo and 1 other person
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Detected by CheckPoint Harmony ( Trojan.Win32.Agent.xataeo )

Capture d’écran 2023-06-28 180149.png

DeepInstinct too

image_2023-06-28_180327866.png
 
  • Like
  • Applause
Reactions: Nevi, roger_m, simmerskool and 3 others
Sandbox Breaker

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
520
Trident said:
There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
Click to expand...
That's a disgrace.

Trident said:
There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
Click to expand...
They are also still using the sample. Wierd how a two month old file is still being distributed.
 
  • Like
Reactions: roger_m, Trident and Kongo
Sandbox Breaker

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
520
partha_roy said:
HAs anyone tried to execute this on a virtual machine or a sandboxed state, with the AV disabled, just to check what it does?
Click to expand...

147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180 | Triage

Check this report malware sample 147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180, with a score of 8 out of 10.
tria.ge tria.ge
You can see the report here.

Trident said:
This one would be detected both with Kaspersky and Sophos engines.

@partha_roy it is a browser hijacker, it was mentioned above.
Click to expand...
The malware family is "Agent". Funny. Kaspersky sig
 
  • Like
Reactions: Trident and Kongo
You must log in or register to reply here.

Similar threads

Sandbox Breaker
    • Like
    • +Reputation
Signed Sample - Very Suspect
Replies
5
Views
1,112
Malware Analysis Archive
harlan4096
harlan4096
Kongo
    • Like
    • +Reputation
Malware Analysis Upcoming Steam game abused by hackers to spread stealer malware
Replies
1
Views
410
Malware Analysis
Bot
Bot
Kongo
    • Like
    • +Reputation
    • Hundred Points
  • Locked
Malware Analysis Another Evasive Discord Token Stealer Disguised as PC game 🎮☠️
Replies
32
Views
2,114
Malware Analysis
struppigel
struppigel

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top