- Jan 6, 2022
- 530
Signed Sample of SectopRat that passed ASR Rule (Block exe until file meets trust criteria)
The file is not signed properly and is using fake wise cleaner CERT.
I am worried how this file at the time was only was seen on 2 machine globally was allowed to run.
SHA 1: a15f053b71cda0497efdec08b4680267b936024d
Microsoft Claims file is SIgned by Lespeed (MAKER OF WISE CLEANER)
Xcitium at the time was able to block and contain it. File was deemed unknown at the time. So this signed trick did not work with xcitium
The file is not signed properly and is using fake wise cleaner CERT.
I am worried how this file at the time was only was seen on 2 machine globally was allowed to run.
SHA 1: a15f053b71cda0497efdec08b4680267b936024d
Microsoft Claims file is SIgned by Lespeed (MAKER OF WISE CLEANER)
Xcitium at the time was able to block and contain it. File was deemed unknown at the time. So this signed trick did not work with xcitium