Jump to content

malware hashes


Go to solution Solved by Marcos,

Recommended Posts

Posted

i tried sending hashes to malware research team on samples@eset.com, but they did not responded back, the hashes are of ransomware which need urgent detection, kaspersky, bitdefender others detect the sample hashes as ransomware, but eset fails, please share these hashes with malware research team

kindly check on ransomware hashes, majority of vendors on virustotal detect them as ransomware

hashes:

270bac45ef3f2711b9028cd072be63d6c5106085af6f310aea3638daac62e935
eaf402c52cc9e511b82a0002faa069eb9423009881b98ae01b696c784f13b1bc
188cceef0109f3ccf79285ffcd056c404fa3e4241669d3c73cd244cbf0da4cc1
0139efc6c639bf06086050b2042e82aaecb7404d23d601cb488975cd24b73955
3da77538790f066ee5afd3ac7322b434bf14b2c14b64d0ce2f6a96ba2d7b631a
d1928201d5322cac3435544b4fc03e053385fcd33c5910451cec2bb763e86d9e

 
and please update with detection.
 
thankyou
  • Administrators
  • Solution
Posted

The files are detected now: WinGo/Filecoder.HT trojan.

 

Posted

These samples were submitted to VirusTotal two weeks ago!

Posted

some more hash to share of suspected ransomware

5d19e1fcc4acc424bea8215a7fb6e8d5d975c4fb42cfa14329d579806465aaa6

1d7ae1705b07f89a6a47b412f35fd14b74d75de550ab3c113451cebcba5585d7

8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209

264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1

b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac

Posted

hello, team, is there a update on this, thankyou

Posted
3 hours ago, hellosky11 said:

hello, team, is there a update on this, thankyou

Based on just performed VirusTotal rescans, Eset only now detects;

5d19e1fcc4acc424bea8215a7fb6e8d5d975c4fb42cfa14329d579806465aaa6 - Win64/Filecoder.OO

Posted

yes, i know, that is why shared the hashes, for the very first hashes also, eset detected 2 hashes and i shared the rest of the hashes

Posted

8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209

264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1

b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac

 

 

now only these 3 are left for other also one by one detection is created, @Marcos can you get above 3 hashes shared

Posted

please share these hashes of ransomware also

ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75

ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6

  • Administrators
Posted
2 hours ago, hellosky11 said:

please share these hashes of ransomware also

ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75

ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6

Both are corrupted and not subject to detection.

Posted
On 8/30/2024 at 11:30 PM, hellosky11 said:

8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209

264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1

b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac

 

 

now only these 3 are left for other also one by one detection is created, @Marcos can you get above 3 hashes shared

and these one, thanks

Posted

one more ransomware hash

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980

  • Administrators
Posted
7 hours ago, hellosky11 said:

one more ransomware hash

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980

Been detected for a couple of days already

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980.exe - Suspicious Object

 

  • Administrators
Posted
8 hours ago, hellosky11 said:

175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a

The same holds true for this one too:

175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a.exe - Suspicious Object

 

Posted (edited)
8 hours ago, Marcos said:

Been detected for a couple of days already

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980.exe - Suspicious Object

8 hours ago, Marcos said:

The same holds true for this one too:

175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a.exe - Suspicious Object

@hellosky11, Eset blacklist detection's do not show on VirusTotal. As noted in VT documentation, participating AV vendors do not always activate all protection mechanisms on their version's installed there.

Edited by itman
Posted

I know about the suspicious detection category, but it is not signature-based. I was asking you to share the hashes with malware researchers to get signatures created for them as ransomware samples.

Posted

I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

Posted (edited)
1 hour ago, hellosky11 said:

I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

Lately, many of my email submissions to the ESET research team have gone ignored. This issue began last week. Previously, submissions were typically processed in a timely manner; they would usually respond once the analysis was complete. Even if they didn’t reply, I noticed that new signature-based detections were added for the malware samples I submitted, which was acceptable. However, now it seems that some clearly malicious samples are not being detected, even after I submitted them.

For example:

 https://www.virustotal.com/gui/file/e921790b52c63a06fe5c3a5b523d27a94a5072161d925bf6bc4a06dd5b3585dc

https://www.virustotal.com/gui/file/0c5fa39a951e9b20778c9556944aededf41978123addc2c904f9fb17bbb6dbfa

https://www.virustotal.com/gui/file/db02922ce51bf69f6b3e9ca89b63f368091a979122cfed408a0b2b70a2fe432b - MBR killer, only blocked in the cloud but I think a signature-based detection is needed.

Edited by AnthonyQ
Posted
1 hour ago, hellosky11 said:

I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

It seems that submitting samples through the forum might be the best approach. I've submitted 6 side-loading samples (3 days ago), and so far none have been detected.

Posted

Well, I don't know why ESET's articles also state that if you don't receive any reply from malware researchers, drop them a follow-up email. I've been dropping them a follow-up email every 5 days after sending my samples initially, but they haven't replied. I think the support team should remove the false information from their article about following up with malware researchers.

https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab

image.png.5bc59518ade57535b8429dd4143bebe9.png

Posted

I don't want to say this, but on my other PC, I have Bitdefender installed. When an undetected sample comes in and I don't have the sample itself, I simply send the malware research team the hashes, or sometimes the sample if I have it. The best thing about Bitdefender's malware researchers is that they reply to every single email you send them with samples or hashes. They clearly state whether the file/website is malicious, potentially unwanted (PUP), or neither. The key point here is that they respond to everything, and you don't even need to send them a follow-up email. This is something ESET has been lacking from the start.

@Marcos, would you like to add something here? If you want to speak in favor of ESET's malware researchers, kindly consider the positive aspects I’ve mentioned about Bitdefender’s malware researchers. If your argument is that they receive thousands of samples every day and can’t respond to every single one, well, they are not the only ones. Bitdefender, Kaspersky, and Malwarebytes also receive thousands of samples, yet they manage to reply to every single email. Please consider this statement before providing your feedback.

Also, the follow-up email suggestion in the ESET article I shared above doesn’t make sense and should be removed.

I am not against ESET, but how can ESET's malware researchers compete with the positive feedback provided by other companies who inform users about the status of the samples/hashes they send?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...