itman
Posted August 20 (edited)

Looks like Eset Cobalt Strike detection capability has improved!

I found a sample not detected by Eset on VT. Upon download, Eset real-time detection caught it as suspicious; i.e. LiveGrid blacklist detection;

Quote

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
8/20/2023 2:26:29 PM;Real-time file system protection;file;C:\Users\xxxxxx\Downloads\220f6b9f96106f637b339e2c6aee7259e76a9fd8a7237bc69ca7c1412bb8f992.exe;Suspicious Object;cleaned by deleting;xxxxxxxxx;Event occurred on a new file created by the application: C:\Program Files\7-Zip\7zG.exe (DF22612647E9404A515D48EBAD490349685250DE).;32CEDDF549C30161214D09EE1297B7A557BE701C;8/20/2023 2:26:10 PM

Of note here is that no LiveGuard submission was done prior to detection. One possible reason for Eset detection is the file sig was invalid;

Quote

The digital signature of the object did not verify.

https://www.virustotal.com/gui/file/220f6b9f96106f637b339e2c6aee7259e76a9fd8a7237bc69ca7c1412bb8f992

Edited August 21 by itman