Ransomware bypasses SecureAPlus

Shreyas Murali:
https://www.virustotal.com/gui/file/0a4befe34506ff917bd100dca5d07f4b3a033f3db73facdcd52083ee598050a6/detection
https://www.virustotal.com/gui/file/ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0/detection

These 2 samples manage to get past SecureA in default mode. APEX engine says unsupported format, and even if I click don't trust, my files get encrypted.

Isky:
Hi Shreyas Murali,

Is it possible to send the test file to us? You may compress the files and send them via https://transfer.pcloud.com/ to secureaplus@secureage.com.

Shreyas Murali:

--- Quote from: Isky on January 25, 2021, 11:27:25 AM ---
Hi Shreyas Murali,

Is it possible to send the test file to us? You may compress the files and send them via https://transfer.pcloud.com/ to secureaplus@secureage.com.

--- End quote ---

Thank you for your swift response! I have submitted the 2 samples via the service you mentioned. File name should be "Downloads.7z" with password "infected". In any case I am attaching the same here too. At this moment more engines detect the samples, but in any case I don't believe we should see a different response. Please let me know the findings!

hendy:
Thank you very much for sending us the sample files.

I would just like to clarify with you.
Are these the same files as what you have posted in Wilders Security forum?


e6b870ff40dd7f8e26c9e71577d06f4a4d002654740fc414477499ebbcb8cb1a is a shortcut file (.lnk), and this file is not covered by APEX, but Application whitelisting is still able to block it.


ea11409054942608f0547aabd0840a4575d117dcafca4e27666cc9857667fbb0 is an exe file. This file also gets blocked by SecureAPlus.


From your picture in Wilders Security, the file that managed to run is hidden-tear.exe.
Is this a different file? Is it possible to send us the sample of this file?

Shreyas Murali:
Hi hendy,

Thank you for the response. It's really strange that those samples are being blocked for you now. I am going to try it out again; maybe it's because I submitted it to UAV? In any case, here is the hidden tear sample that I tested previously. I would guess this is detected too!
