New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possible Keylogger Indicated by Falcon Sandbox #25

Open

amandarino-tei opened this issue Sep 10, 2024 · 1 comment

amandarino-tei commented Sep 10, 2024

Falcon Sandbox indicates a possible keylogger http://www.hybrid-analysis.com/sample/6b3bca249c7e8b8b8daddf4b7f6bf250a1274b0ce4e05ac156592ce9b7339ea6/66e09b02b26e9228260f9ad2

mechanysm commented Oct 30, 2024

@amandarino-tei You may want to investigate the detection it a little more before submitting an issue

From the link you provided.
details "sample.bin" contains indicator "[ENTER]" (Line: 64; Offset: 17)

Line 64 of the file "INSTALL_IntuneWin32Deployer.ps1" which hybrid-analysis refers to as sample.bin
Read-Host "Press [Enter] to close"

So very much a false positive, especially given"[Enter]" is a only one indicator and a weak indicator on its own.

Maintainer should close this issue and likely related issue #23 as without more context it appears to be the same false positive.

mechanysm mentioned this issue

Flagged as Trojan #23

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment