Malware Analysis Malware/PUA listed as clean (again)

Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.

verdict.xcitium.com

Xcitium Cloud Verdict

Scan Files Online using Comodo File Verdict Service that runs tens of different methods to analyze a file and display the detailed results in seconds
verdict.xcitium.com verdict.xcitium.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
 
  • Like
  • HaHa
Reactions: Zartarra, Nevi, simmerskool and 7 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,505
Sandbox Breaker said:
Found this at a customer. It was blocked but upon further inspection I saw that Xcitium marks the files as clean. Their human analyst also concluded its clean. ITS NOT.

verdict.xcitium.com

Xcitium Cloud Verdict

Scan Files Online using Comodo File Verdict Service that runs tens of different methods to analyze a file and display the detailed results in seconds
verdict.xcitium.com verdict.xcitium.com

VirusTotal

VirusTotal
www.virustotal.com www.virustotal.com
Click to expand...
Could you share the sample please?
 
  • Like
Reactions: Nevi, roger_m, Dave Russo and 1 other person
Shadowra

Shadowra

Level 34
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,309
Detected by CheckPoint Harmony ( Trojan.Win32.Agent.xataeo )

Capture d’écran 2023-06-28 180149.png

DeepInstinct too

image_2023-06-28_180327866.png
 
  • Like
  • Applause
Reactions: Nevi, roger_m, simmerskool and 3 others
Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
Trident said:
There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
Click to expand...
That's a disgrace.

Trident said:
There is no human analysis. This is a browser hijacker, there is no way a real human won’t see that. And it’s also an old one. The human analysis is just marketing.
Click to expand...
They are also still using the sample. Wierd how a two month old file is still being distributed.
 
  • Like
Reactions: roger_m, Trident and Kongo
Sandbox Breaker

Sandbox Breaker

Level 9
Thread author
Verified
Well-known
Jan 6, 2022
435
partha_roy said:
HAs anyone tried to execute this on a virtual machine or a sandboxed state, with the AV disabled, just to check what it does?
Click to expand...

147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180 | Triage

Check this report malware sample 147e1b5a750fbfd8863449d523e3d6d110defceb74ad9cdb7c939ab75ffa2180, with a score of 8 out of 10.
tria.ge tria.ge
You can see the report here.

Trident said:
This one would be detected both with Kaspersky and Sophos engines.

@partha_roy it is a browser hijacker, it was mentioned above.
Click to expand...
The malware family is "Agent". Funny. Kaspersky sig
 
  • Like
Reactions: Trident and Kongo
You must log in or register to reply here.

Similar threads

Sandbox Breaker
    • Like
    • +Reputation
Signed Sample - Very Suspect
Replies
5
Views
783
Malware Analysis Archive
harlan4096
harlan4096
Sandbox Breaker
    • Like
    • Applause
Malware Analysis Trusted File is actually TA505 Threat Actor (Found by Human)
Replies
8
Views
1,039
Malware Analysis Archive
Sandbox Breaker
Sandbox Breaker
Anthony Qian
    • +Reputation
    • Like
    • Thanks
New Update Avira expands its APC to support script malware
Replies
4
Views
1,288
Avira
Anthony Qian
Anthony Qian

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top