QuickSilverST250

Members
  • Posts

    26
  • Joined

  • Last visited

About QuickSilverST250

  • Rank
    Newbie

Profile Information

  • Location
    South Africa

  1. I've scanned the VM with XDR now, after it updated to the latest engine. This is the screenshot; it seems it was BlackMatter that infected it:
  2. We had the same notifications. Again, I could be wrong about which sample caused the infection, but I was working in XDR and this one stood out. It could have been any one of them that started with 0 ("zero") in the file name, as it goes in sequence, and it was around 06 when we noticed the infection.
  3. Could be, as when the infection took place I could not really see the payload in PE, or it could be a remote infection.
  4. The way we did this test was: from a server location, with the malware in protected zips, we extract the zips to a folder that has our script to execute the malware; we extract the malware to this folder with the protection ENABLED. We allow ESET to quarantine the malware as it's being extracted. Once the extraction process is done, we then run our script to execute what's left, and this will be Windows, Linux and Android files. Once the test is done, we manually submit the leftover samples, just in case they weren't.
  5. Hi James, thank you for the reply. As mentioned, this is a VM for testing samples; we have everything up to date, and the detection engine was 29130 during the test we did a short while back. We are testing it now on a new VM with engine 29131, and it seems fine now and looks like it's being detected; just a shame it took over 24 hrs for this to be detected. I could be wrong regarding the ransomware that might be responsible for the encryption, as that's the only one we can see XDR flags as ransomware; once I upload the note and sample to ID Ransomware, it says it's unable to determine the type. We did this on 2 x EES and 1 ESET Home Premium VM.
  6. As mentioned, we use this VM to test malware, so there are all kinds of samples being detonated; doubt it as you might, the machine is infected nonetheless.
  7. Hi, we logged a ticket with our regional support team and no one has come back to us. We tested new samples in our VM environment, and we have a ransomware infection. We tested the same samples over our 24 hrs period and they keep getting infected; we submitted the samples, but somehow ESET is still unable to stop this infection. As I'm making this post, the infection just happened again. Please see below our info to tech support: Hi, hope you are doing well. In our testing environment, on my VM, I was testing some new samples. I noticed a text file drop on the desktop and immediately suspected ransomware. Once I navigated to Documents/Pictures etc., I noticed the file extensions had changed to .TE8ZZUVLN. I have made a recording of how the VM is currently looking, and you can find the logs collected with the profile assigned to the endpoint: I did mention we will not shut down so we can collect the logs, but the VM did shut down on its own after I stopped the recording. The logs collected are from after the VM started up again. We then ran the same test on our VM with XDR; here is the info for this VM: Here is the screenshot of our VM that has XDR on it: We collected logs from the VM also after a restart, as it was nonresponsive, and we struggled for over an hour to try and get the logs but had no luck, so we restarted it. It looks like it's this sample that caused the infection: 062683257386c9e41a1cd1493f029d817445c37f7c65386d54122fa466419ce1.exe It shows ESET on VT as detected, but it seems it's not. We have the info in our XDR; we are investigating on our end, but let us know what info you need from the XDR. We also ran the same malware hours later on our other VM running ESET Smart Security Premium, and it suffered the same fate. Please let us know what info is needed and how this infection was possible.
  8. We will be testing the behavior soon; we only noticed other vendors are flagging them. We saw today that our EES detected some of them, so we restored them and copied them to an Android phone with endpoint protection on it; it now detected 3 of them, yesterday it detected nothing. We attached the other ones; they might not be malicious, but ESET can check them out if you want. The ones left behind were scanned and detected by Surfshark antivirus on Android, not all, but only Malicious APK.rar.
  9. I have some APK files I want to check, but they exceed the limit, so I will email a WeTransfer link for them.
  10. Thanks, I appreciate it. What is the best way to supply samples to ESET? To do it on an endpoint and submit automatically/manually, or send the samples to ESET?
  11. I was referring to the zip files I uploaded with multiple files in them.