Author Topic: Ransomware bypasses SecureAPlus (Read 57613 times)

Shreyas Murali · « **on:** January 22, 2021, 11:18:28 AM »

https://www.virustotal.com/gui/file/0a4befe34506ff917bd100dca5d07f4b3a033f3db73facdcd52083ee598050a6/detection
https://www.virustotal.com/gui/file/ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0/detection

These 2 samples manage to get past SecureA in default mode. APEX engine says unsupported format and even if i click don't trust my files get encrypted.

Isky · « **Reply #1 on:** January 25, 2021, 11:27:25 AM »

Hi Shreyas Murali,

Is it possible to send the test file to us? You may compress the files and send them via https://transfer.pcloud.com/ to secureaplus@secureage.com.

Shreyas Murali · « **Reply #2 on:** January 26, 2021, 08:08:58 PM »

Quote from: Isky on January 25, 2021, 11:27:25 AM

Hi Shreyas Murali,

Is it possible to send the test file to us? You may compress the files and send them via https://transfer.pcloud.com/ to secureaplus@secureage.com.

Thankyou for your swift response! I have submitted the 2 samples via the service you mentioned. File name should be "Downloads.7z" with password "infected". In any case i am attaching the same here too. At this moment more engines detect the samples but in any case i don't believe we should see a different response. Please let me know the findings !

hendy · « **Reply #3 on:** January 27, 2021, 12:34:09 PM »

Thank you very much for sending us the sample files.

Just would like to clarify with you.
Are these the same files as what you have posted in Wilders Security forum?

e6b870ff40dd7f8e26c9e71577d06f4a4d002654740fc414477499ebbcb8cb1a is a shortcut file (.lnk), and this file is not covered by APEX, but Application whitelisting is still able to block it.

ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0 is an exe file. This file is also get blocked by SecureAPlus.

From your picture in Wilders Security, the file that managed to run is hidden-tear.exe.
Is this a different file? Is it possible to send us the sample of this file?

Shreyas Murali · « **Reply #4 on:** January 27, 2021, 08:08:10 PM »

Hi hendy,

Thankyou for the response. Its really strange that those samples are being blocked for you now. I am going to try it out again maybe its because i submitted it to UAV? In any case here is the hidden tear sample that i tested previously i would guess this is detected too !

Shreyas Murali · « **Reply #5 on:** January 27, 2021, 08:52:08 PM »

Here are 2 fresh malware samples that i just tested against secureA on defaults (automatic mode) they manage to infect the system. First sample is hxxp://try-dent.net/6gdwwv.exe

Mailed "shared.7z" with password: infected

hendy · « **Reply #6 on:** January 29, 2021, 05:04:29 AM »

Thank you very much for sending us the sample file, and let us know the mode that you are using.
We will think of how to improve the default mode, which is automatic mode.

If you have any other sample files that you found can pass in interactive mode, we are also interested in this, so please send the sample files to us.
Again, we thank you very much for your corporation. We appreciate this very much.

Cheers.

Author Topic: Ransomware bypasses SecureAPlus (Read 57613 times)

Shreyas Murali

Ransomware bypasses SecureAPlus

Isky

Re: Ransomware bypasses SecureAPlus

Shreyas Murali

Re: Ransomware bypasses SecureAPlus

hendy

Re: Ransomware bypasses SecureAPlus

Shreyas Murali

Re: Ransomware bypasses SecureAPlus

Shreyas Murali

Re: Ransomware bypasses SecureAPlus

hendy

Re: Ransomware bypasses SecureAPlus