Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on April 08, 2020, 05:02:45 PM

Title: Does avast detect Hawkeye generic malware in PUP-mode?
Post by: polonus on April 08, 2020, 05:02:45 PM
21 engines now detect this: https://www.virustotal.com/gui/file/843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42/detection
See: https://urlhaus.abuse.ch/url/336708/
Site has been blacklisted: https://sitecheck.sucuri.net/results/robotrade.com.vn
See: https://www.shodan.io/host/103.74.123.3/raw
Google Safe Browse checks have been performed on each of the linked sites.
Links with poor reputation could be a threat to users of the site.
Hosting and location are also included in the results.

Externally Linked Host   Hosting Provider   Country
-derchris.net            Cloudflare.        United-States
-www.cloudflare.com      Cloudflare.        United-States

Hosting: https://www.shodan.io/host/103.74.123.3  503  insecure!
Service Unavailable 503 error
The server is temporarily busy, try again later!

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Title: Re: Does avast detect Hawkeye generic malware in PUP-mode?
Post by: DavidR on April 08, 2020, 09:44:34 PM
Hard to say, given no detection by Avast or AVG in the VT Results.  But they only use the on-demand scanner, so other on-access scanners might.

I wonder if there is some way to send the MD5/SHA-, etc. to avast and see if they can pull it from VT or see if they have a match on the MD5/SHA-, etc.

In due course all non-detected samples should be sent to those AVs not detecting malware.
Title: Re: Does avast detect Hawkeye generic malware in PUP-mode?
Post by: bob3160 on April 08, 2020, 10:26:42 PM
A good place to ask Damien is on Slack.
Title: Re: Does avast detect Hawkeye generic malware in PUP-mode?
Post by: polonus on April 09, 2020, 12:58:53 AM
Good advice, bob3160. Well, I also sent it down via the Suspicious Site Reporter extension.
Guess that the avast team follows URLHaus reports and GreyNoise reports as well.
They told me so.

Then av is like Reader's Digest, they have to make a selection of what to flag  ;D

Apart from that, everyone has his own responsibility as well,
and it is a great thing you and DavidR share that responsibility.
We are always out in the trenches, in whatever position
we contribute to the fight against malware and miscreants.

Best regards and keep healthy during these days of the corona-virus pandemic,  :)

Damian a.k.a. polonus
Title: Re: Does avast detect Hawkeye generic malware in PUP-mode?
Post by: Asyn on April 09, 2020, 09:26:11 AM
Hi guys, Avast detects it now.

https://www.virustotal.com/gui/file/843edc7bc28351c5404d3e03b1a989a26b07b0644874a063952460a6f7ae6a42/detection