Guest, posted August 28

I tried sending hashes to the malware research team at samples@eset.com, but they did not respond. The hashes are of ransomware which needs urgent detection. Kaspersky, Bitdefender and others detect the sample hashes as ransomware, but ESET fails. Please share these hashes with the malware research team. Kindly check on the ransomware hashes; the majority of vendors on VirusTotal detect them as ransomware.

Hashes:
270bac45ef3f2711b9028cd072be63d6c5106085af6f310aea3638daac62e935
eaf402c52cc9e511b82a0002faa069eb9423009881b98ae01b696c784f13b1bc
188cceef0109f3ccf79285ffcd056c404fa3e4241669d3c73cd244cbf0da4cc1
0139efc6c639bf06086050b2042e82aaecb7404d23d601cb488975cd24b73955
3da77538790f066ee5afd3ac7322b434bf14b2c14b64d0ce2f6a96ba2d7b631a
d1928201d5322cac3435544b4fc03e053385fcd33c5910451cec2bb763e86d9e

And please update with detection. Thank you.

Marcos (Administrators, Solution), posted August 28

The files are detected now: WinGo/Filecoder.HT trojan.

itman, posted August 28

These samples were submitted to VirusTotal two weeks ago!

Guest, posted August 29

Some more hashes to share of suspected ransomware:

5d19e1fcc4acc424bea8215a7fb6e8d5d975c4fb42cfa14329d579806465aaa6
1d7ae1705b07f89a6a47b412f35fd14b74d75de550ab3c113451cebcba5585d7
8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209
264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1
b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac

itman, posted August 30

> 3 hours ago, hellosky11 said:
> Hello, team, is there an update on this? Thank you.

Based on just-performed VirusTotal rescans, Eset only now detects:

5d19e1fcc4acc424bea8215a7fb6e8d5d975c4fb42cfa14329d579806465aaa6 - Win64/Filecoder.OO

Guest, posted August 30

Yes, I know, that is why I shared the hashes. For the very first hashes also, ESET detected 2 hashes and I shared the rest of the hashes.

Guest, posted August 30

8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209
264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1
b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac

Now only these 3 are left; for the others also, detection is created one by one. @Marcos, can you get the above 3 hashes shared?

Guest, posted September 1

Please share these hashes of ransomware also:

ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6

Marcos (Administrators), posted September 1

> 2 hours ago, hellosky11 said:
> Please share these hashes of ransomware also:
> ae66e009e16f0fad3b70ad20801f48f2edb904fa5341a89e126a26fd3fc80f75
> ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6

Both are corrupted and not subject to detection.

Guest, posted September 1

> On 8/30/2024 at 11:30 PM, hellosky11 said:
> 8c1de5e2f95d1b23f0a4b1445b572d3c2c2bb1b715265b1fd145ba19b2830209
> 264281a0866d0b1d8636de9e3643c1d7117028055dc5c7f2d20ce7ba7e6ec6c1
> b5f05f4fbb39ee3d29708161d0f1c98012e066817a6bcb3e6444cd3ff7c43bac
> Now only these 3 are left; for the others also, detection is created one by one. @Marcos, can you get the above 3 hashes shared?

And these ones, thanks.

Guest, posted September 1

Ransomware hash:

175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a

50 vendors detecting it and not ESET 🤔

https://www.virustotal.com/gui/file/175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a?nocache=1

A scan with ESET Internet Security personally also went undetected.

Edited September 1 by hellosky11

Guest, posted September 1

One more ransomware hash:

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980

Marcos (Administrators), posted September 2

> 7 hours ago, hellosky11 said:
> One more ransomware hash:
> 166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980

Been detected for a couple of days already:

166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980.exe - Suspicious Object

Marcos (Administrators), posted September 2

> 8 hours ago, hellosky11 said:
> 175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a

The same holds true for this one too:

175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a.exe - Suspicious Object

itman, posted September 2

> 8 hours ago, Marcos said:
> Been detected for a couple of days already:
> 166bba02413995aff28ffeb27d3bf3d5a5f6a6cd36893e252c7b9a22836f4980.exe - Suspicious Object

> 8 hours ago, Marcos said:
> The same holds true for this one too:
> 175f89c8cce9ddf703f4faf4c4c2500a85c21041cbb383e95e2ea13d6bf28a7a.exe - Suspicious Object

@hellosky11, Eset blacklist detections do not show on VirusTotal. As noted in VT documentation, participating AV vendors do not always activate all protection mechanisms on their versions installed there.

Edited September 2 by itman

Guest, posted September 3

I know about the suspicious detection category, but it is not signature-based. I was asking you to share the hashes with malware researchers to get signatures created for them as ransomware samples.

Guest, posted September 3

I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

AnthonyQ, posted September 3

> 1 hour ago, hellosky11 said:
> I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

Lately, many of my email submissions to the ESET research team have gone ignored. This issue began last week. Previously, submissions were typically processed in a timely manner; they would usually respond once the analysis was complete. Even if they didn’t reply, I noticed that new signature-based detections were added for the malware samples I submitted, which was acceptable. However, now it seems that some clearly malicious samples are not being detected, even after I submitted them. For example:

https://www.virustotal.com/gui/file/e921790b52c63a06fe5c3a5b523d27a94a5072161d925bf6bc4a06dd5b3585dc
https://www.virustotal.com/gui/file/0c5fa39a951e9b20778c9556944aededf41978123addc2c904f9fb17bbb6dbfa
https://www.virustotal.com/gui/file/db02922ce51bf69f6b3e9ca89b63f368091a979122cfed408a0b2b70a2fe432b - MBR killer, only blocked in the cloud but I think a signature-based detection is needed.

Edited September 3 by AnthonyQ

IvanL_5306, posted September 3

> 1 hour ago, hellosky11 said:
> I already know that, and I am using ESET Internet Security, so I don't need VirusTotal for that. The thing is, ESET's malware researchers don't reply. If you check, the very first hashes I provided were sent to them by Marcos after I had already shared the same hashes with them a month ago. They didn't respond to me or create a detection. But as soon as Marcos shared the hashes, they created a detection. So, 'suspicious' is the product detection. That's why I've asked Marcos to share these suspicious detections with the malware researchers; maybe they'll create signatures for them.

It seems that submitting samples through the forum might be the best approach. I've submitted 6 side-loading samples (3 days ago), and so far none have been detected.

Guest, posted September 3

Well, I don't know why ESET's articles also state that if you don't receive any reply from malware researchers, drop them a follow-up email. I've been dropping them a follow-up email every 5 days after sending my samples initially, but they haven't replied. I think the support team should remove the false information from their article about following up with malware researchers.

https://support.eset.com/en/kb141-submit-a-virus-website-or-potential-false-positive-sample-to-the-eset-lab

Guest, posted September 3

I don't want to say this, but on my other PC, I have Bitdefender installed. When an undetected sample comes in and I don't have the sample itself, I simply send the malware research team the hashes, or sometimes the sample if I have it. The best thing about Bitdefender's malware researchers is that they reply to every single email you send them with samples or hashes. They clearly state whether the file/website is malicious, potentially unwanted (PUP), or neither. The key point here is that they respond to everything, and you don't even need to send them a follow-up email. This is something ESET has been lacking from the start.

@Marcos, would you like to add something here? If you want to speak in favor of ESET's malware researchers, kindly consider the positive aspects I’ve mentioned about Bitdefender’s malware researchers. If your argument is that they receive thousands of samples every day and can’t respond to every single one, well, they are not the only ones. Bitdefender, Kaspersky, and Malwarebytes also receive thousands of samples, yet they manage to reply to every single email. Please consider this statement before providing your feedback.

Also, the follow-up email suggestion in the ESET article I shared above doesn’t make sense and should be removed. I am not against ESET, but how can ESET's malware researchers compete with the positive feedback provided by other companies who inform users about the status of the samples/hashes they send?

itman, posted September 3

The solution here, as mentioned in a previous thread, is for Eset to establish a web-based threat submission and detection portal such as Kaspersky has: https://opentip.kaspersky.com/