About SeriousHoax
Posts: 390
Days Won: 10
SeriousHoax last won the day on April 27 2023
SeriousHoax had the most liked content!
Rank: Newbie
Location: Bangladesh
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Yeah, I'm aware, as I use an Android phone myself. It's an unofficial Telegram app installer, but I don't know if it's malware or not. Only Ikarus detects it according to VT. Ikarus quite often just copies ESET's and Kaspersky's signatures (mostly ESET's).
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
@Marcos Hi, it looks like a site pretending to be Telegram:
https://www.virustotal.com/gui/url/f9270c478f1a5ce7f4e2ecd11e3d4a865d0c57441dc268b049141432f165da00/detection
If you download, then the download link for the Telegram APK is this (blacklisted by Symantec):
https://www.virustotal.com/gui/url/ab1e2a4570eff9dd5568acfa361681af67e8c769a7df8b26087d91d14051e705/detection
This is the downloaded APK. I don't know if it's safe or malicious:
https://www.virustotal.com/gui/file/ec35557541324afb84dc9855136d478ff02d69927ff6382acb2e111defa47603/detection
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Yeah, signature-based detection is not enough. Even Hybrid Analysis is not doing a good job. @Marcos Two phishing sites, blacklisted by Symantec:
https://www.virustotal.com/gui/url/ffa39757976dc67f58860f82a6c40100397bf54e394357d12683250ace0741d3/detection
https://www.virustotal.com/gui/url/cac61363aab776905c8c8c9e8c5561d00df3593abfce5b6412aaa00bba547ee2/detection
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
@Marcos Hi! Here's a somewhat similar stealer sample I sent you in a private message a few days ago. The current signature on the EXE file is not an effective solution. I assume it should also be analyzed by an analyst to create a better signature, as was done for the other two samples I shared in this thread:
https://www.virustotal.com/gui/file/e9d1c22e3616399e4ce428ab0c4bbc7d0519f9e3cd19ad91d33bcef5ce539f5c/detection
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
A download from the website is serving the malicious version, but it received an update a few days ago. On MalwareTips two links were shared to download the malware: one from Triage, one from the malicious site. They are different samples. The Triage one is probably an older variant. But anyway, both were able to steal data when I tested them myself yesterday.
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
I have it on my PC right now. As I said, I even tested it in my VMs. It is password-protected. https://postimg.cc/2qF885v8
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
The archive is password-protected. The password is: "KS2024"
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
I tested it myself today (not against ESET though), and it is indeed malicious. It leaves remnants of what it steals in the temp folder. It's also malicious. It was tested by some other people against various products and was sent to Kaspersky yesterday, when they created the signature, and it is still detected by them. All of these are Electron-based info stealers. There is a new variant almost every day and it is hard to keep up with them. Signature-based detections are definitely not going to cut it most of the time, and even other well-known products with good behavior blockers are often struggling against these.
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
@Marcos Here's a fake game website that is spreading stealer malware. Website:
https://www.virustotal.com/gui/url/296e671f04229c2b929d08d8ee07b93ad2e9b3b602b62874d53a8c39a30173b5/detection
So far, I've found two different samples from this site. Both are undetected, so signatures should be added for these two as well:
https://www.virustotal.com/gui/file/46cdcfc3b2c08ab5e18c7479489989639ebf4b0f5d4fee5ba48f9ed5de6524a0/detection
https://www.virustotal.com/gui/file/c765f61cee33c326acc4ea19256267c35129a1ec7edb567fe0b5ed9a88e3d6b1/detection
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
That's possible, I guess. Thanks for the quick resolution.
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
@Marcos Hi, here's a phishing site: a fake Twitch follower-selling website. Along with the VT detections, it's also blacklisted by Avast and Symantec.
https://www.virustotal.com/gui/url/369b3079f5a285b123572fce5bafa771d649445e6a1e235301c1822595d284b1/detection
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Yeah, ESET has added it to the blacklist. The website is active again.
ESET keeps blocking the address
SeriousHoax replied to help_needed's topic in Malware Finding and Cleaning
Add it to the detection exclusions as Marcos showed above. But at least visit websites like this in your browser's Private/Incognito mode.
Malicious website submissions are ignored
SeriousHoax replied to SeriousHoax's topic in Malware Finding and Cleaning
Yeah, I sent this because it was redirecting to download a malicious EXE file. If telemetry was collected on the link, then I would assume that some of ESET's automated URL analysis probably would've been able to auto-blacklist it. SmartScreen on MS Edge didn't block the link a couple of days ago, but yesterday it was auto-blacklisted as soon as it was redirecting to the malicious EXE file. I guess that it was done by their automated analysis, since it has a connection to Microsoft Defender telemetry, which can detect the downloaded malware.

I submitted this link via ESET's dedicated phishing submission page (even though it doesn't necessarily fit the phishing category) since I had less luck submitting malicious sites via email. I usually don't use my forum email for submissions, since Gmail doesn't allow the attachments, and shared links are also blacklisted by Gmail sometimes. I've had some luck with malware submissions lately, but not so much with submitting malicious/phishing URLs.

A web-based submission page must be made. Sending samples via email is very old-school and unreliable; as I said, email providers like Gmail don't even let you attach password-protected archives. Every decently popular AV vendor out there has an online submission portal. I don't understand how ESET is yet to have one after all these years.
Malicious website submissions are ignored
SeriousHoax posted a topic in Malware Finding and Cleaning
This has been happening for a long time. Any malicious/phishing websites I submit, whether via email, via the product itself, or via the dedicated phishing submission page, are ignored 9 times out of 10, which is rather frustrating. Here's a VT link to a malicious source which should be blacklisted:
https://www.virustotal.com/gui/url/c91f1cad547f7897d997b0dc1c5b8a423324b871e14293f79bf7dc5012e4b4bb/detection
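The thread above shares indicators as VirusTotal GUI links and notes that mail providers sometimes block raw malicious URLs. The following is an added example, not code from the forum poster or from ESET, showing how a submitter can build those links offline and defang a URL before pasting it into an email or forum post. VirusTotal identifies a file by its SHA-256 and a URL by the SHA-256 of the URL string (the v3 API also accepts the unpadded base64url form of the URL). One caveat: the URL hash only matches VirusTotal's own record when it is computed over the URL as VT normalizes it (scheme, lowercase host, trailing slash on a bare host); the sample URL and file bytes below are constructed for the example.

```python
import base64
import hashlib

VT_GUI = "https://www.virustotal.com/gui"


def sha256_hex(data: bytes) -> str:
    """SHA-256 of raw bytes as lowercase hex, the file id VT uses."""
    return hashlib.sha256(data).hexdigest()


def vt_file_link(data: bytes) -> str:
    """GUI link for a file sample; no upload is needed to build it."""
    return f"{VT_GUI}/file/{sha256_hex(data)}/detection"


def vt_url_id(url: str) -> str:
    """VT's URL id is the SHA-256 of the (normalized) URL string itself."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def vt_url_link(url: str) -> str:
    """GUI link for a URL, matching the /gui/url/<sha256>/detection form."""
    return f"{VT_GUI}/url/{vt_url_id(url)}/detection"


def vt_api_url_id(url: str) -> str:
    """Alternative id accepted by the v3 API: base64url of the URL, no padding."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def defang(url: str) -> str:
    """Make a malicious URL non-clickable for sharing: hxxp:// and [.]"""
    url = url.replace("https://", "hxxps://").replace("http://", "hxxp://")
    return url.replace(".", "[.]")


def refang(url: str) -> str:
    """Reverse defang() so the exact original string can be hashed again."""
    url = url.replace("hxxps://", "https://").replace("hxxp://", "http://")
    return url.replace("[.]", ".")


def indicator_report(url: str, sample: bytes) -> dict:
    """Everything a submission needs: defanged URL plus VT links for URL and file.

    Accepts either a plain or an already-defanged URL; hashing is always done
    on the refanged form so the id is stable regardless of how it was pasted.
    """
    clean = refang(url)
    return {
        "defanged_url": defang(clean),
        "url_sha256": vt_url_id(clean),
        "url_vt_link": vt_url_link(clean),
        "url_api_id": vt_api_url_id(clean),
        "file_sha256": sha256_hex(sample),
        "file_vt_link": vt_file_link(sample),
    }


if __name__ == "__main__":
    # Constructed sample input: a reserved .example host and a dummy payload.
    SAMPLE_URL = "http://download.example/telegram.apk"
    SAMPLE_BYTES = b"PK\x03\x04 constructed placeholder, not a real APK"
    for key, value in indicator_report(SAMPLE_URL, SAMPLE_BYTES).items():
        print(f"{key}: {value}")
```

The defanged form is what goes into the email or forum post; the recipient refangs it and recomputes the same hash, so both sides reach the same VirusTotal record without anyone clicking the live link.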