Ryan_St__Germai
Advisor

False Negative with Threat Emulation

Hey guys,

I just saw a Tweet regarding a ransomware payload with a low Anti-Virus detection rate. I grabbed a copy of it and ran the sample through the SandBlast analysis website. The result is coming back as clean.

App.any.run shows obvious malicious behavior: LockerGoga.exe (MD5: 16BCC3B7F32C41E7C7222BF37FE39FE6) - Interactive analysis - ANY.RUN 

Tweet: MalwareHunterTeam on Twitter: "Let me present you, in 2019 March, a signed LockerGoga ransomware sam...

MD5: 16bcc3b7f32c41e7c7222bf37fe39fe6
SHA1: a25bc5442c86bdeb0dec6583f0e80e241745fb73

Just wanted to give a heads up in case the system is in fact not detecting this as malicious.
0 Kudos
4 Replies