- Oct 16, 2022
- 128
Suspicious "game"
- Thread starter likeastar20
- Start date
- Status
- Oct 16, 2022
- 624
Windows Resource Protection found corrupted files and repaired them successfully.
For online repairs, the details are included in the CBS log file located at
windir\Logs\CBS.log. For example, C:\WindowsLogsCBS\CBS.log. For offline
offline, the details are included in the log file provided by the /OFFLOGFILE flag.
- Oct 16, 2022
- 128
- Oct 16, 2022
- 624
- Sep 2, 2021
- 2,630
- Oct 16, 2022
- 624
Kaspersk already added in their subscriptions, saw how fast their lab is 24 hours a day.
- Sep 2, 2021
- 2,630
- Oct 16, 2022
- 624
Now yes, I thought no AV was going to this thing, lol. Harmony is amazing product.
Yes, I had seen is that I mentioned to @harlan4096 that he had reported kaspersky(KSN) in post #37 and they added it in their definitions.
- Oct 16, 2022
- 624
These errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why? send me a PM, then I'll tell you here lol
- Oct 16, 2022
- 128
Lol! Sure, I have privately texted youThese errors are superficial, lol if I tell you you will laugh until a few hours, I was not supposed to run sfc /scannow. If I restart my computer, then I can't write this message, only on my cellphone. If you want to know why? send me a PM, then I'll tell you here lol
- Sep 2, 2021
- 2,630
He impresses me more and more.Now yes, I thought no AV was going to this thing, lol. Harmony is amazing product.
It's like Kaspersky for me, even though Kaspersky can't emulate it, unfortunately.
- Sep 2, 2021
- 2,630
- Oct 16, 2022
- 624
Wow, you detected it through behavior? DeepGuard is good too.
- Sep 2, 2021
- 2,630
Wow, you detected it through behavior? DeepGuard is good too.
During execution, the Trojan launches CMD and PowerShell actions. F-Secure has detected this. The Trojan remained in memory but inactive.
- Oct 16, 2022
- 624
And why didn't Bitdefender detect anything for me?
why don't i have discord installed?
- Oct 16, 2022
- 624
@Shadowra as it is all or nothing I installed Sandboxie, in fact now, I saw the Trojan initiate CMD and PowerShell actions in the sandbox.
Attachments
- Oct 16, 2022
- 624
@Shadowra And it was developed in Javascript based on the errors, from the msg box, and @struppigel is absolutely right in his assertions.
- Mar 16, 2019
- 3,867
I tested Bitdefender Free a few hours ago. BD blocks the C2 connection made by build.exe, so the malware couldn't do anything after. The C2 was already blacklisted by BD even before @likeastar20 shared the sample. Maybe for some reason, the C2 didn't/doesn't connect to your location.I ran crazydown and for me it had no effect, no detection by Bitdefender AV, no suspicious connections, just two processes running from build.exe that I kept monitoring and then it created some temporary files in the temp folder and they were the same files as the packaged crazydown.exe. I don't have Discord, but I do have edge and chrome. I was disappointed to expect something else from the malware.
Final results clean machine, tested on physical machine, nothing unusual if stolen or infected then hitched a ride with some Windows process and sent it to web, good luck to the one who stole it.
- Oct 16, 2022
- 624
Correct, so that is clarified. NextDNS I block the suspicious top-level domains (TLD), so it did not make the connection C2.
- Mar 16, 2019
- 3,867
Haha that's why. I always make my VM use a filter free DNS. Mine is set to use 1.1.1.1 & 8.8.8.8. Though using NextDNS would be better that you'll be able to have all the logs about the connections malware made. That's how @Trident tests. But make sure all filterings are off.Correct, so that is clarified. NextDNS I block the suspicious top-level domains (TLD), so it did not make the connection C2.
- Status
Similar threads
