3c52081a7d38a864dbd83a480418616f46845f81
In Verdict Cloud this has been marked clean past human analysis. This demonstrates many characteristics of malware and since upload many other vendors are also alarming it’s an infostealer.
Please review. VirusTotal - File - 8acb40974fb9689ada014e6dcc50be3b94119ea0a31e5c612e589325898224ff
Hi @BeeHiveCyberSecurity
I have forwarded the details to the concerned team to look into it.
Hi @BeeHiveCyberSecurity
The issue is fixed and the old signature is removed.
It’s not unwanted, it’s a stealer.
I appreciate the fixing of the signature, however…we have a serious problem to discuss here.
You told me Clean. I told you Infostealer. You then told me Unwanted, now you tell me Infostealer after I told you Infostealer after you told me it was clean…see the problem here?
Does XCITIUM believe this file is an infostealer because I’ve insisted it’s an infostealer and XCITIUM agrees? Or has it now been marked as an infostealer pending a human expert re-review internally by XCITIUM…
This also brings into question, if “human expert analysis” decided an infostealer was a clean file…huh? That creates an entirely different risk towards XCITIUM’s core protection model and we really, I mean…you can’t have this happening yknow, you can’t have your analysts just letting infostealers through the pearly gates, that’s kinda what people are hoping to prevent…I guess I’m looking for some context as to
- how this was missed in the first half
- how we’re going to prevent reoccurrences moving forward
- what the impact of this file being marked clean would have meant for those using XCS and assorted.
Every click, malware, PUA, clean - it potentially drastically changes an outcome for someone, we must be sure of our decisions.
Hi @BeeHiveCyberSecurity
Thank you for your feedback, I will share it with the concerned team to look into it.
Hi @BeeHiveCyberSecurity
Please find the update provided by our specialist team on your query:
"We have checked the sample and even though it has a few similar actions with PUA and a password stealer, we couldn’t see any actions for collecting and sending the data to a remote host. We will search for more samples and keep them live for further investigations. Thank you."