itman
Posted April 22, 2023 (edited)

https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer

I checked the first two IOCs listed below at VT and Eset didn't detect them:

Quote:
> Files:
> 352efd1645982b8d23a841107007c8b4b024eb6bb5d6b312e5783ce4aa62b685
> 023548a5ce0de9f8b748a2fd8c4d1ae6c924c40acbde32e9599c868115d11f4e
> 75688c32a3c1f04df0fc02491180c8079d7fdc0babed981f5860f22f5e118a5e
> 826c7c112dd1ae80469ef81f5066003d7691a349e6234c8f8ca9637b0984fc45
> b1ef1654839b73f03b73c4ef4e20ce4ecdef2236ec6e1ca36881438bc1758dcd
> 17672795fb0c8df81ab33f5403e0e8ed15f4b2ac1e8ac9fef1fec4928387a36d

Edited April 22, 2023 by itman

Marcos (Administrators, Solution)
Posted April 23, 2023

We'll check it out; however, it appears that even if they are not detected by an on-demand scan, the malware is detected upon execution and the process quits or is killed:

el el amiril
Posted April 23, 2023

4 minutes ago, Marcos said:
> We'll check it out; however, it appears that even if they are not detected by an on-demand scan, the malware is detected upon execution and the process quits or is killed:

Sir, both Eset versions? As each has its own features, and the premium version has LiveGuard?

itman (Author)
Posted April 23, 2023

7 hours ago, el el amiril said:
> Sir, both Eset versions? As each has its own features, and the premium version has LiveGuard?

Eset detects the PowerShell script via signature. So you're protected with or without the LiveGuard cloud scan feature.