SeriousHoax

Most Valued Members
  • Posts: 390
  • Days Won: 10

SeriousHoax last won the day on April 27 2023

SeriousHoax had the most liked content!

About SeriousHoax

  • Rank: Newbie

Profile Information

  • Location: Bangladesh


  1. Yeah, I'm aware, as I use an Android phone myself. It's an unofficial Telegram app installer, but I don't know if it's malware or not. Only Ikarus detects it according to VT. Ikarus quite often just copies ESET's and Kaspersky's signatures (mostly ESET's).
  2. @Marcos Hi, it looks like a site pretending to be Telegram:
     https://www.virustotal.com/gui/url/f9270c478f1a5ce7f4e2ecd11e3d4a865d0c57441dc268b049141432f165da00/detection
     If you download, then the download link for the Telegram APK is this (blacklisted by Symantec):
     https://www.virustotal.com/gui/url/ab1e2a4570eff9dd5568acfa361681af67e8c769a7df8b26087d91d14051e705/detection
     This is the downloaded APK. I don't know if it's safe or malicious:
     https://www.virustotal.com/gui/file/ec35557541324afb84dc9855136d478ff02d69927ff6382acb2e111defa47603/detection
  3. Yeah, signature-based detection is not enough. Even Hybrid Analysis is not doing a good job. @Marcos Two phishing sites, blacklisted by Symantec:
     https://www.virustotal.com/gui/url/ffa39757976dc67f58860f82a6c40100397bf54e394357d12683250ace0741d3/detection
     https://www.virustotal.com/gui/url/cac61363aab776905c8c8c9e8c5561d00df3593abfce5b6412aaa00bba547ee2/detection
  4. @Marcos Hi! Here's a somewhat similar stealer sample I sent you in a private message a few days ago. The current signature on the exe file is not an effective solution. I assume it should also be analyzed by an analyst to create a better signature, like the ones created for the other two samples I shared in this thread:
     https://www.virustotal.com/gui/file/e9d1c22e3616399e4ce428ab0c4bbc7d0519f9e3cd19ad91d33bcef5ce539f5c/detection
  5. A download from the website is serving the malicious version, but it received an update a few days ago. On MalwareTips two links were shared to download the malware: one from Triage, one from the malicious site. They are different samples. The Triage one is probably an older variant. But anyway, both were able to steal data when I tested them myself yesterday.
  6. I have it on my PC right now. As I said, I even tested it in my VMs. It is password protected. https://postimg.cc/2qF885v8
  7. The archive is password protected. The password is: "KS2024"
  8. I tested it myself today (not against ESET though); it is indeed malicious. It leaves remnants of what it steals in the temp folder. It's also malicious. It was tested by some other people against various products and was sent to Kaspersky yesterday, when they created the signature, and it is still detected by them. All of these are Electron-based info stealers. There is a new variant almost every day, and it is hard to keep up with them. Signature-based detections are definitely not going to cut it most of the time, and even other well-known products with good behavior blockers are often struggling against these.
  9. @Marcos Here's a fake game website that is spreading stealer malware. Website:
     https://www.virustotal.com/gui/url/296e671f04229c2b929d08d8ee07b93ad2e9b3b602b62874d53a8c39a30173b5/detection
     So far, I've found two different samples from this site. Both are undetected. So, signatures should be added for these two also:
     https://www.virustotal.com/gui/file/46cdcfc3b2c08ab5e18c7479489989639ebf4b0f5d4fee5ba48f9ed5de6524a0/detection
     https://www.virustotal.com/gui/file/c765f61cee33c326acc4ea19256267c35129a1ec7edb567fe0b5ed9a88e3d6b1/detection
  10. That's possible I guess. Thanks for the quick resolution.
  11. @Marcos Hi, here's a phishing site: a fake Twitch follower-selling website. Along with the VT detections, it is also blacklisted by Avast and Symantec.
      https://www.virustotal.com/gui/url/369b3079f5a285b123572fce5bafa771d649445e6a1e235301c1822595d284b1/detection
  12. Yeah, ESET has added it to the blacklist. The website is active again.
  13. Add to detection exclusion as Marcos showed above. But at least visit websites like this in your browser's Private/Incognito mode.
  14. Yeah, I sent this because it was redirecting to download a malicious exe file. If telemetry was collected on the link, then I would assume that some of ESET's automated URL analysis probably would've been able to auto-blacklist it. SmartScreen on MS Edge didn't block the link a couple of days ago, but yesterday it was auto-blacklisted as soon as it was redirecting to the malicious exe file. I guess that it was done by their automated analysis, since it has a connection to Microsoft Defender telemetry, which can detect the downloaded malware. I submitted this link via ESET's dedicated phishing submission page (even though it doesn't necessarily fit the phishing category) since I had less luck submitting malicious sites via email. I usually don't use my forum email for submission, since Gmail doesn't allow attachments, and sharing links are also blacklisted by Gmail sometimes. I've had some luck with malware submission lately, but not so much for submitting malicious/phishing URLs. A web-based submission page must be made. Sending samples via email is very old-school and unreliable; as I said, email providers like Gmail don't even let you attach password-protected archives. Every decently popular AV vendor out there has an online submission portal. I don't understand how ESET is yet to have one after all these years.
  15. This has been happening for a long time. Any malicious/phishing websites I submit, either via email, via the product itself or via the dedicated phishing submission page, are ignored 9/10 times, which is rather frustrating. Here's a VT link of a malicious source which should be blacklisted:
      https://www.virustotal.com/gui/url/c91f1cad547f7897d997b0dc1c5b8a423324b871e14293f79bf7dc5012e4b4bb/detection
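Several of the posts above (2, 3, 4, 9, 11 and 15) share VirusTotal GUI links of the form `/gui/url/<64 hex>` and `/gui/file/<64 hex>`. The following helper is an added example for this page, not code from the forum thread or from ESET or VirusTotal. It assumes two things about the VirusTotal v3 conventions: a file is identified by its SHA-256, and a URL is identified either by the SHA-256 of the URL string (the form the GUI links use) or by its unpadded URL-safe base64 encoding. With it you can rebuild the ID for a suspicious link or downloaded sample locally, before submitting anything, and build the matching `api/v3` lookup request; the API key, URL and file bytes in the usage section are constructed placeholders.

```python
import base64
import hashlib
import re
import urllib.request

# Added example (not from the forum thread). Assumption: VirusTotal's GUI uses the
# SHA-256 of the URL string as the URL id and the file's SHA-256 as the file id;
# the v3 API also accepts unpadded URL-safe base64 of the URL as a URL id.
VT_GUI = "https://www.virustotal.com/gui"
VT_API = "https://www.virustotal.com/api/v3"

_LINK_RE = re.compile(
    r"^https://www\.virustotal\.com/gui/(file|url)/([0-9a-f]{64})(?:/[a-z]+)?/?$"
)


def parse_vt_link(link: str) -> tuple[str, str]:
    """Split a VT GUI link into ("file" | "url", <64-hex id>)."""
    m = _LINK_RE.match(link.strip())
    if not m:
        raise ValueError(f"not a VirusTotal file/url GUI link: {link!r}")
    return m.group(1), m.group(2)


def file_sha256(data: bytes) -> str:
    """SHA-256 of a sample's bytes, i.e. its VT file id."""
    return hashlib.sha256(data).hexdigest()


def vt_url_id(url: str) -> str:
    """VT URL id as used in GUI links: SHA-256 of the exact URL string."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def vt_url_id_base64(url: str) -> str:
    """Alternative v3 API URL id: URL-safe base64 of the URL, padding stripped."""
    return base64.urlsafe_b64encode(url.encode("utf-8")).decode("ascii").rstrip("=")


def vt_file_link(data: bytes) -> str:
    return f"{VT_GUI}/file/{file_sha256(data)}/detection"


def vt_url_link(url: str) -> str:
    return f"{VT_GUI}/url/{vt_url_id(url)}/detection"


def build_api_request(kind: str, ident: str, api_key: str) -> urllib.request.Request:
    """GET /api/v3/files/{sha256} or /api/v3/urls/{id}; nothing is sent here."""
    collection = {"file": "files", "url": "urls"}[kind]
    return urllib.request.Request(
        f"{VT_API}/{collection}/{ident}", headers={"x-apikey": api_key}
    )


if __name__ == "__main__":
    # Constructed placeholders: not a real sample, URL or key.
    sample = b"MZ" + b"\x00" * 62          # minimal PE-looking header
    link = vt_file_link(sample)
    print(link)
    kind, ident = parse_vt_link(link)
    print(build_api_request(kind, ident, "YOUR-API-KEY").full_url)
    print(vt_url_link("https://example.invalid/telegram.apk"))
```

`parse_vt_link` accepts the `/detection` suffix the posts use as well as bare links; `build_api_request` only constructs the request so the block runs offline, and a real lookup would pass it to `urllib.request.urlopen` with a valid key.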