Solved This is not detected by Kaspersky for some strange reason...

[Pilot777]

Hi, everyone! I've been testing this particular malware (VirusTotal) vs. kaspersky for some time now, always in a virtual machine environment, and I've come to this conclusion. This malware, for some really weird reason, is never properly detected via kaspersky signatures. However, it is detected by their system watcher. But, not for long...'cause if you keep launching it, even after reboot required by kaspersky, then sooner or later, all of your files end up encrypted (just try it...). Which brings me to my next point - maybe, just maybe, this particular malware is, for some unknown reason, is a part of some covert cyber operation. I mean, c'mon, just how f...ing hard can it be to properly analyse this very obvious malware (which is detected by your own systemwatcher) and to simply add it to your signature database. I mean, to me personally, this whole situation looks pretty ridiculous. If you wanna try it, just go ahead and download this batch: (removed). And then find, and keep launching the file I've been talking about.

 

[Bot]

Hello! It's interesting that you've been testing this particular malware against Kaspersky and have noticed some unusual behavior. I can understand your frustration with the situation. While I cannot directly analyze the malware or add it to Kaspersky's signature database, I can offer some insights and suggestions.

Firstly, it's worth noting that malware detection is a complex and ever-evolving field. Malware authors constantly modify their creations to evade detection, and security vendors like Kaspersky continuously update their detection mechanisms to stay ahead. However, there can be instances where certain malware may not be immediately detected by signature-based scans.

In such cases, behavior-based detection mechanisms like Kaspersky's System Watcher become crucial. System Watcher monitors the behavior of running processes and can detect malicious activities even if the malware is not recognized by signatures. However, it's important to keep in mind that no security solution is perfect, and there can be instances where malware slips through the detection mechanisms.

Regarding your suspicion that this malware might be part of a covert cyber operation, it's difficult to say without further analysis. Malware can be used in various contexts, including cyber espionage or criminal activities. However, jumping to conclusions without concrete evidence may not be accurate.

If you believe you have found a new and undetected malware sample, I would recommend reporting it to Kaspersky's Threat Intelligence Portal or their technical support. They have dedicated teams that analyze and investigate new threats, and they can provide you with more information about the specific sample you've encountered.

Lastly, I would like to remind you to always exercise caution when handling malware samples. Ensure that you are working in a controlled and isolated environment, such as a virtual machine, to prevent any unintended consequences.

I hope this information helps, and if you have any further questions, feel free to ask!

 

[Pilot777]

.....Bla-bla-bla...The good old Bot, which is just some mindless AI algorythm, blabbering away seemingly conscious thoughts (mimicking real human response) - always good to have You onboard, if only purely for the sake of entertainment and, of course, some funny conversation while waiting for real people to join the discussion ))

 

[nickstar1]

if it's anything like trying to get them to black-list the fake site that scammed a member's sister and obviously by looking at virus total and seeing other vendors blacklist the website i have no confidence in kaspersky Or i should say i have lost it. Need Advice - My sister got scammed today by a fake cake delivery website

 

[Pilot777]

Ha-ha!...This is actually a good one:

'Cause I forgot to mention, I've also tried to upload the malware in question to the Portal multiple times. Well, whatddayaknow - it always comes up clean

 

[ErzCrz]

Those VirusTotal results are just antivirus engine scan and not the full product. File detected when searching Kaspersky's own threat portal. See below:

Spoiler: Kaspersky Threat Portal Results

 

[Nikola Milanovic]

Detected by Xcitium

 

[Trident]

Those VirusTotal results are just antivirus engine scan and not the full product. File detected when searching Kaspersky's own threat portal. See below:

Detected since the 15th of December…

 

[Pilot777]

i have no confidence in kaspersky Or i should say i have lost it

Yep...I think, I'm about to, as well...

Detected by Xcitium

Of course...Basically, detected by almost everyone, except kaspersky

 

[Freki123]

Which brings me to my next point - maybe, just maybe, this particular malware is, for some unknown reason, is a part of some covert cyber operation.

Tbh for an covert cyber operation I would expect the chaining of zero day exploits or stuff like that e.g the Triangulation attack on Apples iMessage

​

 

[OTTO]

I have similar experience with kaspersky. I love to play with malware. I grab malware samples from a website which give links to live malware links. This website's name ends with haus. Iam not sharing full name because it might be forbidden to share here.
Anyway, this website shares some links to malware files which has the extension of bmp. These are stated to be privateloader malware samples and encrypted by a malware analyst there. Bitdefender doesnt detect those files in the beginning but after i send them these files, they add signatures. (TRojan.generic). But i sent them to kaspersky also and they said no malicious software found in these files. So bitdefender says these files are malware and kaspersky says they are clean. I dont believe kaspersky because avast also blocks the link to these bmp files saying botnet link. I lost my trust in kaspersky. If i load these malware samples to kaspersky opentip, system tells me they are not categorized. If anyone interested, i can share those files.

 

[harlan4096]

Can You send me by private msg those files, thanks.

 

[OTTO]

Can You send me by private msg those files, thanks.

Me or op?

 

[harlan4096]

The one who owns them

 

[OTTO]

The one who owns them

Sure. I can send malicious links. I dont want to set up vm again to collect those files but i will send live links of those bmp files to you. If you click bmp file downloads directly so dont click on the links i send you.

 

[OTTO]

I shared links in private. These files are stated be privateloader and some of them loads malwares like vidar loader, redline stealer, risepro stealer etc. These malware files are not detected almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesnt know about them. When i exposed smilar bmp files to bitdefender telemetry they started to get detected by bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These bmp files are mentioned in the below links that i shared. They are dangerous.

New RisePro Stealer distributed by the prominent PrivateLoader

RisePro is a new undocumented stealer. According to SEKOIA.IO analysts, it has similarities with PrivateLoader.

blog.sekoia.io

Peeking into PrivateLoader

PrivateLoader's primary purpose is to download and execute additional malware for a pay-per-install (PPI) malware distribution service.

www.zscaler.com

 

[Shadowra]

I shared links in private. These files are stated be privateloader and some of them loads malwares like vidar loader, redline stealer, risepro stealer etc. These malware files are not detected almost any antivirus. Avast blocks some of the links but some links. Kaspersky doesnt know about them. When i exposed smilar bmp files to bitdefender telemetry they started to get detected by bitdefender. Norton finds them suspicious. They are not detected by antivirus companies. I have found some research related to these files.
These bmp files are mentioned in the below links that i shared. They are dangerous.

New RisePro Stealer distributed by the prominent PrivateLoader

RisePro is a new undocumented stealer. According to SEKOIA.IO analysts, it has similarities with PrivateLoader.

blog.sekoia.io

Peeking into PrivateLoader

PrivateLoader's primary purpose is to download and execute additional malware for a pay-per-install (PPI) malware distribution service.

www.zscaler.com

Can you send them to me in PM ?
I'll forward them to Avast

 

[OTTO]

Can you send them to me in PM ?
I'll forward them to Avast

Sure. I have like 20 of them but everyday more links come up.
I will add you to pm chat.
Btw these links are vk links and after a while vk removes them. So these links might be dead until a malware analyst take a look at them.

 

[OTTO]

I can'T send you the links. ıt gives me error.
Btw one of the links on virustotal.
Link was sent to virustotal two days ago yet so far only one detection and no detection from major companies. It's frightening.

 

[Pilot777]

File detected when searching Kaspersky's own threat portal. See below:

Well, first of all, if You just wait for a bit longer, then the Portal detection result strangely disappears, and, for some mysterious reason, in the end, the detection outcome always comes up as perfectly clean. I've done that several times, and I've seen it enough times to claim what I've just said. How can You even say that it's detected by kaspersky portal, when, in fact, it isn't, and that the actual kaspersky application installed on a PC is not handling this obvious threat?