ReaQta Behavioral Engine and VirusTotal

Over the past 3 months ReaQta has been working closely with VirusTotal to integrate ReaQta-Hive's behavioral engine. Today we are excited to announce that the integration is complete and available to the public. VirusTotal is a free service that analyzes files and URLs to detect malicious content. The platform is well known among security researchers, as it offers powerful threat hunting features and automated scanning across a multitude of antivirus solutions.

VirusTotal users will now have access to complete behavioral reports that will help analysts worldwide understand the activity of malicious samples. ReaQta-Hive processes the behavior of executable samples, documents and scripts (xls documents, LOLBins, etc.). When present, the analysis will appear in the “behavior” tab:

ReaQta behavioral report on VirusTotal

Clicking on “Detailed report” shows the interactive report. The symbols we use are explained in the Behavioral Tree Legend page, which can be accessed by clicking on the link at the bottom left of the behavioral tree:

ReaQta Behavioral Tree

The activities of a sample are automatically evaluated via Machine Learning and shown in the detailed report. The integration of ReaQta-Hive with VirusTotal allows the analyst to understand not just the threat’s behavior, but also the risk and impact associated with every action. On top of that, multiple events are automatically aggregated and transformed into high-level meta-behaviors that can easily be understood, such as keyloggers, screenshots, credentials dumping, etc.

ReaQta will continue working to scale up the stream of data provided to VirusTotal and to make the analysis available on an increasingly larger number of samples on a daily basis. Going forward, we will seamlessly integrate more features from our ReaQta-Hive platform and make them available to the wider audience directly on VirusTotal.

The reports offer a view of the actions initiated by a sample at runtime, giving an in-depth look at a potential threat that is not normally accessible without running the sample on a real machine. The information extracted is a starting point for analysts to get the big picture and to understand what components and techniques are involved in a given attack scenario.