Posted

I tried to explain events via pictures and links. I especially took the screenshots full screen for date and time. Hope it helps.

I bought a Kaspersky Premium subscription and tested some malware with its Real Time Protection feature. I downloaded some samples from known malware sample websites. KP (Kaspersky Premium) is detecting "some" of them while downloading to my computer (I guess because of their hashes). BUT I tested some samples which I encountered on the internet and tried to copy to my computer, and KP did NOT detect this KNOWN (Virustotal 52/73) malware, and the other one is KNOWN (Virustotal 48/73) malware.

I rescanned these malware samples at 21:13 or 21:14 (UTC +3) and they are still NOT detected. I am curious: is Kaspersky updating their data through Virustotal or NOT? Because the first file's first submission date is 9 SPT and the second file's first submission is 19 AUG.

How CAN Kaspersky NOT detect these KNOWN malware samples?

Can someone (Kaspersky Malware Analysis Team) explain this situation to me? I don't feel safe while using Kaspersky Premium because it doesn't meet my BASIC requirements.

If possible, may I buy Kaspersky EDR/XDR for home use at a low price or with a big discount? Any help would be appreciated!

Thanks in advance.

Kind Regards.

https://www.virustotal.com/gui/file/020420f20ee32bda982599939e5d4bcffcabd57e22a911f5eeeabf29e4dede7a/detection

https://www.virustotal.com/gui/file/d90564f22fc7b04020a55e592056b659edec8e70d9463c77d79bb82bd370fa57/detection

[image]

[image]

harlan4096
Posted

Welcome to Kaspersky Community.

 

Can you provide me, via personal message, links to download those samples? Thanks.

Posted
1 minute ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Can you provide me, via personal message, links to download those samples? Thanks.

Sure, I can provide. One moment.

Posted
46 minutes ago, harlan4096 said:

Welcome to Kaspersky Community.

 

Can you provide me, via personal message, links to download those samples? Thanks.

Sent PM.

harlan4096
Posted

[image]

 

When extracting... the other sample unknown for now...

 

I ran the remaining sample in a VM, with KPremium 21.18a + W11Pro:

 

[image]

 

Anyway, sent to K. analysts, waiting for final verdict...

Posted
23 minutes ago, harlan4096 said:

[image]

 

When extracting... the other sample unknown for now...

 

I ran the remaining sample in a VM, with KPremium 21.18a + W11Pro:

 

[image]

 

Anyway, sent to K. analysts, waiting for final verdict...

Thanks for the quick explanation, but I did the same steps as you. Downloaded to my Windows computer (Windows 10 - I don't think it matters whether it's 10 or 11) and not detected. And then I copied it from Downloads to Desktop and still not detected. Not deleted. I wish I had recorded a video about this, but I only took a screenshot. By the way, console_zero.exe needs some libraries, like in that error. The malware is downloading some libraries and executing itself. If you want to reproduce the attack simulation, I can help you. Also, we prepared an analysis report about this malware type. Anyway, let's wait for the final verdict and see how it goes. But as I said before, I copied the malware and it didn't detect it. My KP version is 21.18.5.438(a)

harlan4096
Posted

Second sample that was undetected, now it is:


 

Quote

 

Hello,

New malicious software was found in the attached file:
console_zero (1).exe_ - Trojan.Win64.Agentb.latw

Its detection will be included in the next update.
Thank you for your help.

Best regards, Malware Analyst

 

 

Posted

But undetected means no one has detected it yet, doesn't it? Am I wrong?

harlan4096
Posted

I mean that was undetected, now it is added, as You can see in my previous post, final verdict...

Also, many undetected by signature of cloud virus can be detected by behavior -> System Watcher module, but that one needs additional files/libraries to work properly, so We can't know if it would be detected by this method.

Posted
2 minutes ago, harlan4096 said:

I mean that was undetected, now it is added, as You can see in my previous post, final verdict...

Thank you for your help. You can find other similar (100%) samples with links (I will send via PM). Some of them are 100% FUD and no one has detected them yet. I will send them after 5-6 hours with links and IP addresses. I have some work now.

harlan4096
Posted

👍

Anyway, you can log in here, KOTIP, with your My Kaspersky credentials, upload the files (one by one), and once the automatic analysis ends, submit the undetected or unknown malware, following these steps:

 

 

Posted
12 minutes ago, harlan4096 said:

I mean that was undetected, now it is added, as You can see in my previous post, final verdict...

Also, many undetected by signature of cloud virus can be detected by behavior -> System Watcher module, but that one needs additional files/libraries to work properly, so We can't know if it would be detected by this method.

At least, I guess you should work with Virustotal for updating signatures, because the submission dates are too old. I don't know how Kaspersky works, but at least they should "know" very well-known malware samples. Anyway, it's up to you.

harlan4096
Posted

VirusTotal often does not reflect Kaspersky detections properly; I mean, samples appear there as not detected, but they actually are.

harlan4096
Posted

Both files are detected now in KPremium 21.18a

 

[image]

  • 2 weeks later...
Posted

Yes, it was detected after a long time. Anyway, I appreciate all your help. If possible, I want to buy EDR/XDR at low prices (maybe a discount) for home use. Thanks in advance.
