Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on October 03, 2022, 01:34:42 PM

Title: Malware missed at VT....
Post by: polonus on October 03, 2022, 01:34:42 PM
Where it was missed: https://www.virustotal.com/gui/url/ae35c81ec3c9feda26d5f6b9191d25a761b0cb4866071697a99f6e4a18490735/details

Where it was alerted: https://urlhaus.abuse.ch/url/2346044/ as malware download: RedLine & RedLine Stealer

The site -cdn.discordapp.com is a legit site (it's the hosting site for files shared via the Discord app); however, just like Reddit, Twitter, FB Messenger, or other social media sites... it can still be used to share malware & other inappropriate things. Also check the missing certification.

(Note also CloudFlare errors) -> 2 red out of 10:
https://sitereport.netcraft.com/?url=https://cdn.discordapp.com

polonus

Title: Re: Malware missed at VT....
Post by: Pondus on October 03, 2022, 04:30:40 PM
You say malware missed, but the VT link you give is for a URL blacklist check (now on two blacklists).
If you use the SHA256 given by URLhaus for the payload file, then the result is different:

https://www.virustotal.com/gui/file/7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc/detection