Author Topic: Malware missed at VT....  (Read 1061 times)

polonus
« on: October 03, 2022, 01:34:42 PM »
Where it was missed: https://www.virustotal.com/gui/url/ae35c81ec3c9feda26d5f6b9191d25a761b0cb4866071697a99f6e4a18490735/details

Where it was alerted: https://urlhaus.abuse.ch/url/2346044/  as malware download: RedLine & RedLine Stealer

The site -cdn.discordapp.com is a legit site (it's the hosting site for files shared via the Discord app), however, just like Reddit, Twitter, FB Messenger, or other social media sites... it can still be used to share malware & other inappropriate things. Also check the missing certification.

(Note also CloudFlare errors) -> 2 red out of 10:
https://sitereport.netcraft.com/?url=https://cdn.discordapp.com

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Pondus
« Reply #1 on: October 03, 2022, 04:30:40 PM »
You say malware missed, but the VT link you give is for a URL blacklist check (now on two blacklists).
If you use the SHA256 given by URLhaus for the payload file, then the result is different:


https://www.virustotal.com/gui/file/7379bbd5a1cd0eb22a5dadc206074e2fc053692cd1e665cf569ddf9fa3b3fbcc/detection
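
The distinction drawn in the reply above, as an added example that is not part of the thread: a small triage helper that tells a VirusTotal URL report from a file report and flags when only the URL was checked. The function names are hypothetical, and the GUI link layout is taken from the two links posted in this topic.

```python
import hashlib
import re
from urllib.parse import urlparse

# Path layout as seen in the two links posted in this thread.
VT_GUI_PATH = re.compile(r"^/gui/(url|file)/([0-9a-f]{64})(?:/|$)")

def classify_vt_link(link):
    """Return (object_type, sha256_id) for a VirusTotal GUI link, else None."""
    parsed = urlparse(link)
    if parsed.hostname != "www.virustotal.com":
        return None
    match = VT_GUI_PATH.match(parsed.path)
    return (match.group(1), match.group(2)) if match else None

def what_was_checked(link):
    """Describe what kind of verdict a given report link can support."""
    kind = classify_vt_link(link)
    if kind is None:
        return "not a VirusTotal url/file report"
    if kind[0] == "url":
        return "URL reputation lists only; the payload bytes were not scanned"
    return "file scan of the payload with SHA-256 " + kind[1]

def missing_file_check(links):
    """True when the evidence holds a URL report but no file report."""
    kinds = {k[0] for k in map(classify_vt_link, links) if k}
    return "url" in kinds and "file" not in kinds

def file_report_link(payload):
    """Build the file report link for payload bytes already on disk."""
    digest = hashlib.sha256(payload).hexdigest()
    return "https://www.virustotal.com/gui/file/" + digest + "/detection"

# The two links from this thread.
FIRST_POST_LINK = ("https://www.virustotal.com/gui/url/ae35c81ec3c9feda26d5f6b9"
                   "191d25a761b0cb4866071697a99f6e4a18490735/details")
REPLY_LINK = ("https://www.virustotal.com/gui/file/7379bbd5a1cd0eb22a5dadc2060"
              "74e2fc053692cd1e665cf569ddf9fa3b3fbcc/detection")

if __name__ == "__main__":
    for link in (FIRST_POST_LINK, REPLY_LINK):
        print(what_was_checked(link))
    print("file check missing:", missing_file_check([FIRST_POST_LINK]))
```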