Malware Analysis Malware/PUA listed as clean (again)

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.


 

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,593
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.


Could you share the sample please?
 

Shadowra

Level 37
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,616
Detected by CheckPoint Harmony ( Trojan.Win32.Agent.xataeo )

Capture d’écran 2023-06-28 180149.png

DeepInstinct too

image_2023-06-28_180327866.png
 

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530
There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
That's a disgrace.

There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
They are also still using the sample. Wierd how a two month old file is still being distributed.
 

Sandbox Breaker

Level 11
Thread author
Verified
Top Poster
Well-known
Jan 6, 2022
530
HAs anyone tried to execute this on a virtual machine or a sandboxed state, with the AV disabled, just to check what it does?
You can see the report here.

This one would be detected both with Kaspersky and Sophos engines.

@partha_roy it is a browser hijacker, it was mentioned above.
The malware family is "Agent". Funny. Kaspersky sig
 
  • Like
Reactions: Trident and Kongo

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top