From a standard Quantower installation, the DLL for their Telegram flags as Trojan.PasswordStealer.Discord. It also shows some detections on https://www.hybrid-analysis.com/, but nothing 100% (https://www.hybrid-analysis.com/sample/abfe494951171aeb553e683d4cde6bfcc646ff93500c5af9f62bd0d48c87f339/6384ce2006ec372a67187ed7). Some of them seem quite obviously to be verifiably false, however. Also, I left a version of this untouched for a few months and no data change whatsoever occurred as far as I could tell, which from my understanding isn't especially common with this type of malware if it were actually malicious.

ATT&CK IDs from Hybrid-Analysis: T1106, T1082, T1083, T1056.004, T1012, T1573, T1027.002

Malwarebytes threat report:

Hash: ABFE494951171AEB553E683D4CDE6BFCC646FF93500C5AF9F62BD0D48C87F339

Threat name: Trojan.PasswordStealer.Discord

 

I don't know whether this is actually a false positive, but I would appreciate anything people could do to determine that, or whether it is actually malicious, with certainty.

TelegramMessenger.zip file_detection_quantower_false_positive_validation.txt

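Two checks a practitioner would want before trusting either the Malwarebytes verdict or the Hybrid-Analysis report for this file: confirm that the DLL actually on disk has the SHA-256 quoted in the report (so the sandbox results apply to the same bytes), and baseline the installation so that the "left it untouched for months, nothing changed" observation can be verified rather than eyeballed. The script below is an added example, not part of the original post and not Quantower's or Malwarebytes' code. The reported hash is taken from the post; the directory layout, the `*.dll`/`*.exe` patterns and the baseline file name are assumptions.

```python
"""Verify a suspect file against a reported SHA-256 and baseline a directory for later change checks.

Added example; the only value taken from the post is REPORTED_SHA256. Everything else
(which directory to scan, which file patterns, where the baseline lives) is an assumption.
"""
import hashlib
import hmac
import json
import sys
from pathlib import Path

# SHA-256 from the Malwarebytes threat report quoted in the post.
REPORTED_SHA256 = "ABFE494951171AEB553E683D4CDE6BFCC646FF93500C5AF9F62BD0D48C87F339"

CHUNK_SIZE = 1 << 20  # 1 MiB read chunks; keeps memory flat for large DLLs


def sha256_file(path):
    """Stream a file through SHA-256 and return the lowercase hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def matches_reported(digest, reported=REPORTED_SHA256):
    """Case-insensitive comparison: vendors publish hashes in either case.

    compare_digest is used so the comparison does not short-circuit on the first
    mismatching character (habit, not a real threat here; the inputs are not secret).
    """
    return hmac.compare_digest(digest.lower(), reported.lower())


def snapshot(directory, patterns=("*.dll", "*.exe")):
    """Record hash, size and mtime of every matching file under `directory`.

    Keys are paths relative to `directory` so a baseline survives a move of the tree.
    """
    directory = Path(directory)
    result = {}
    for pattern in patterns:
        for p in sorted(directory.rglob(pattern)):
            st = p.stat()
            result[p.relative_to(directory).as_posix()] = {
                "sha256": sha256_file(p),
                "size": st.st_size,
                "mtime": int(st.st_mtime),
            }
    return result


def diff_snapshots(old, new):
    """Return (added, removed, modified) lists of relative paths between two snapshots.

    'modified' is decided on hash only: a touched mtime with identical bytes is not a change.
    """
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(k for k in set(old) & set(new) if old[k]["sha256"] != new[k]["sha256"])
    return added, removed, modified


def save_snapshot(snap, path):
    Path(path).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_snapshot(path):
    return json.loads(Path(path).read_text())


if __name__ == "__main__":
    # Usage (assumed layout): python check_dll.py <install_dir> <baseline.json>
    # First run writes the baseline; later runs diff against it.
    install_dir, baseline_path = sys.argv[1], sys.argv[2]
    current = snapshot(install_dir)
    for rel, info in current.items():
        flag = "MATCHES reported hash" if matches_reported(info["sha256"]) else ""
        print(f"{info['sha256']}  {info['size']:>10}  {rel}  {flag}")
    if Path(baseline_path).exists():
        added, removed, modified = diff_snapshots(load_snapshot(baseline_path), current)
        print(f"added={added} removed={removed} modified={modified}")
    else:
        save_snapshot(current, baseline_path)
        print(f"baseline written to {baseline_path}")
```

If the local DLL's hash does not match the reported one, the Hybrid-Analysis report linked above describes a different file and tells you nothing about the one installed; if it does match, the ATT&CK techniques listed are what the sandbox observed for those exact bytes. Re-running the script against the saved baseline after weeks of uptime turns the "nothing changed" impression into a hash-level statement, and a modified or newly added binary is the point at which to resubmit rather than reason from the original sample.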