IvanL_5306 Posted May 30, 2022

Hello,

I have submitted hundreds of virus samples to ESET. But there is still a fly in the ointment. First of all, ESET should not rely on the Generik detection, as it is an ambiguous detection. If a sample does not have a correct detection name (proper analysis process), the sample will not be detected in the future, as the detection will be removed from the virus definitions.

In addition, I submitted a Cobalt Strike malware sample (VT) on November 11 last year [TRACK#61879A090160].

Quote
Thank you for your submission. The detection of the threat is covered by the current version of detection engine.
38667bc3ad2dcef35a5f343a5073e3f2 - Generik.BARZRM trojan
834002efbb051925b860df65165b0682 - MSIL/TrojanDownloader.Agent.JJH trojan
Regards, ESET Malware Response Team

It was analyzed as Generik.BARZRM trojan, probably processed automatically. After 6 months, the sample is not detected. Therefore, I submitted it again to ESET for further analysis [TRACK#62947AF70248]. Now the final verdict is Win64/CobaltStrike.Beacon.A trojan, and the C2 is already dead.

Quote
Thank you for your submission. The detection for this threat will be included in the next update of detection engine, expected version: 25351.
38667bc3ad2dcef35a5f343a5073e3f2.exe.vir - Win64/CobaltStrike.Beacon.A trojan
Regards, ESET Malware Response Team

It is good to have the Generik detection method, as it has high priority for unknown malware that is normally packed with VMProtect, NSIS packages, etc. (upper layer), which is nice. Unfortunately, it can be easily bypassed by hash. I'm hoping the ESET Research Lab can analyze a sample again if it is already detected as Generik and is submitted by users for further analysis.

Thank you.

Regards,
Ivan
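As an added example (not the post's own code and not an ESET tool), a small Python tracker that parses submission replies in the "hash - detection name" form quoted above, keeps the verdict history per MD5, and flags samples whose latest verdict is still a Generik name as candidates for resubmission; the reply texts are the two quoted in the post, and the submission dates attached to them are assumed.

```python
import re
from collections import defaultdict

# Constructed input: the two ESET Malware Response Team replies quoted in the post above.
# The dates are assumed from the post's narrative (Nov 11 submission, follow-up ~6 months later).
REPLIES = [
    ("2021-11-11", """Thank you for your submission. The detection of the threat is covered by the current version of detection engine.
38667bc3ad2dcef35a5f343a5073e3f2 - Generik.BARZRM trojan
834002efbb051925b860df65165b0682 - MSIL/TrojanDownloader.Agent.JJH trojan
Regards, ESET Malware Response Team"""),
    ("2022-05-30", """Thank you for your submission. The detection for this threat will be included in the next update of detection engine, expected version: 25351.
38667bc3ad2dcef35a5f343a5073e3f2.exe.vir - Win64/CobaltStrike.Beacon.A trojan
Regards, ESET Malware Response Team"""),
]

# A verdict line: 32 hex chars (MD5), optional filename suffix such as ".exe.vir", " - ", detection name.
VERDICT_RE = re.compile(r"^([0-9a-fA-F]{32})\S*\s+-\s+(.+?)\s*$", re.MULTILINE)


def parse_reply(text):
    """Return {md5: detection_name} for every verdict line in one reply."""
    return {h.lower(): name for h, name in VERDICT_RE.findall(text)}


def is_generik(name):
    """Generik.* names are the automated, hash-keyed verdicts the post complains about."""
    return name.startswith("Generik.")


def build_history(replies):
    """Collect (date, detection_name) per hash, in submission order."""
    hist = defaultdict(list)
    for date, text in replies:
        for md5, name in parse_reply(text).items():
            hist[md5].append((date, name))
    return dict(hist)


def needs_reanalysis(history):
    """Hashes whose most recent verdict is still Generik: worth resubmitting for a full analysis."""
    return sorted(h for h, v in history.items() if is_generik(v[-1][1]))


def upgraded(history):
    """Hashes that moved from a Generik name to a named family across submissions."""
    return {h: (v[0][1], v[-1][1]) for h, v in history.items()
            if len(v) > 1 and is_generik(v[0][1]) and not is_generik(v[-1][1])}


if __name__ == "__main__":
    hist = build_history(REPLIES)
    print("still Generik:", needs_reanalysis(hist))
    print("upgraded:", upgraded(hist))
```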