#signed #fake #telegram (2022-11-25)

c/mm

Dr.web MISS

biue

QVM360

智量拦截执行ps1文件



ps1文件见附件

对对对对

Avira misses

pal家族

Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Trojan.BAT.Agent.bug

Best regards, Denis Sitchikhin, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

anthonyqian

铁壳日常Threat artifact。

Developer Notes:

1. 0F4B7F6DA9B1375839B3E96DD2CA8C3D is not malicious itself, but may be an artifact of a threat.

wwwab

Hello,

Thank you for your patience while this case was being worked on.

We received an update from the Laboratory Team stating that the file is clean and currently not detected by our engines.

Should you need any further information, please do not hesitate to contact us.

Have a nice day!

pal家族

卡巴算是解决了。eset我不会上报。就不上报了。

RE: Re: false positive and false negative files [KL-1736344]
Kaspersky AntiVirus Lab <newvirus@kaspersky.com>        2022年11月26日 18:53
收件人："tyutxzz@gmail.com" <tyutxzz@gmail.com>
Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Trojan.PowerShell.Zapchast.aa

Best regards, Denis Sitchikhin, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From:   tyutxzz@gmail.com
Received:       11/26/2022 10:14:29 AM (UTC)
Sent:   11/26/2022 10:14:10 AM (UTC)
To:     newvirus@kaspersky.com
Subject:        Re: false positive and false negative files [KL-1736344]

hello
here are malicious script drop from the previous fake telegram installer
please check them。
below is download link, password is infected
https://drive.google.com/file/d/ ... kW/view?usp=sharing

Kaspersky AntiVirus Lab <newvirus@kaspersky.com <mailto:newvirus@kaspersky.com> > 于2022年11月26日周六 17:28写道：
Hello,

New malicious software was found in the attached file. Its detection will be included in the next update.
Trojan.BAT.Agent.bug

Best regards, Denis Sitchikhin, Malware Analyst
39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com https://securelist.com
https://opentip.kaspersky.com/ - get insights about suspicious files, hashes, URLs, IP addresses or domain names

__________________________________________

From: tyutxzz@gmail.com <mailto:tyutxzz@gmail.com>
Received: 11/26/2022 8:07:39 AM (UTC)
Sent: 11/26/2022 8:07:25 AM (UTC)
To: newvirus@kaspersky.com <mailto:newvirus@kaspersky.com>
Subject: false positive and false negative files

<> Telegram Desktop (19).rar <https://drive.google.com/file/d/ ... /view?usp=drive_web> <//ssl.gstatic.com/ui/v1/icons/common/x_8px.png <> >
Hello KL
Here is a undetected false negative file,
It is a signed fake telegram installer, which distribute kind of fafli backdoor trojan.
the password is infected.

wwwab

继17楼，Bd再次更正结果

Hello,

Thank you for your patience while this case was being worked on.

We received an update from the Laboratory Team stating that the Installer contains a malicious batch file. The detection should be added in the next couple of updates.

Make sure to have the Bitdefender Endpoint Security Tools properly updated.

Should you need any further information, please do not hesitate to contact us.

Have a nice day!