- Feb 7, 2023
- 2,349
Once it’s on VT you can send them the hash. Explain that it is infostealer. Dr Web is wrong, the sample is quite functional. It is packed with some rubbish modules that I don’t believe serve any purpose to avoid transmission to clouds and emulators. Because it’s modules and not just repetitive bytes, compression doesn’t really make it smaller. Only build.exe is functional and malicious.You probably have to send it directly to their email
Last edited: