jabii
Level 7

New Zbot samples sent. No answer received yet.

Hello,

On Monday, 06.03.2017, I sent to Virus_Research@avertlabs.com, using my corporate email, 5 samples of an undetected version of Zbot malware (at least this was the answer from our ATD machine).

Could someone tell me what the status is? Can I have an extra.dat file for them?

Analysis ID: 10310609

Analysis ID: 10310608

Analysis ID: 10310606

Analysis ID: 10310575

PS: I found those samples only after I made a query for Threat event --> prevention of using the port 25. These malware samples will inject their process into svchost.exe: C:\WINDOWS\SYSWOW64\SVCHOST.EXE.

Startup type/mode: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSConfig "C:\Users\Administrator\xbswyfjt.exe" REG_SZ ..... (ATD returned this information)

Process Created

Process Name Module

"c:\users\administrator\appdata\local\temp\0506.bat"

"c:\users\administrator\xbswyfjt.exe"


Accepted Solutions
catdaddy
Level 20

I just received this correspondence from the Engineer working on your submission. Please provide the Analysis ID #s here. And shoot the 2 other hashes to me in a Direct Message.

Cliff,

If you have the Hashes it would be great as I’ve just finished adding detection for the other 4 files.

Regards,

  Charles Crofford


Threat Intelligence Anti-Malware Security Researcher /
JTI Content Development


McAfee Labs

Cliff
McAfee Volunteer
catdaddy
Level 20

While I am from Consumer Products, I work closely with the Technicians/Engineers from McAfee Labs. I can personally escalate your submissions on your behalf, since you have provided the Analysis ID #s. I will do so through the Ask Malware Response Portal. It will be placed in their Queue.

Your Escalated Ticket Number is as follows: Ticket #: AM000855 - Corporate Product Submissions (Unanswered)

Cliff

Moderator

Consumer Products

Cliff
McAfee Volunteer
jabii
Level 7

Thank you Catdaddy. I'll wait for an answer.

By the way, can I verify the resolution of this Ticket #: AM000855 myself somewhere? Do you have a URL for me?

catdaddy
Level 20

It is a Service Portal for Malware Detections which you have to be authorized to send to. I will apprise you immediately upon any correspondence I receive back. Normally it is in short order. I have followed you, and will Private message you.

Direct Message sent...

Cliff
McAfee Volunteer
catdaddy
Level 20

As Promised, I just received this correspondence from one of the Lab Technicians.

Hi Cliff,

I have escalated this ticket to the Threat Intelligence team to take a look at the sample provided by the customer. I will notify the team this morning of this ticket in our morning meeting.


Thank you!

Danielle

Cliff
McAfee Volunteer
jabii
Level 7

Thank you Catdaddy for the prompt answer.

I'll wait for a resolution.

catdaddy
Level 20

You are quite welcome. Normally the Labs handle submissions in 2-3 days or less. They of course could be inundated; luckily Danielle is on the case.

Cliff
McAfee Volunteer
catdaddy
Level 20

I just received this back from the labs, after following up with them:

Hi Cliff,

We do have a TI engineer working on the case now and it is assigned to him. It is currently in progress. As soon as you get the IDs for the other two samples let us know.


Thank you Cliff for the update!

Danielle Clarke

Please provide us the additional Analysis ID #s.

Cliff
McAfee Volunteer
catdaddy
Level 20

Kindly apprise us when you get all of your Dats for the detections you submitted. This way we can consider this Discussion/Thread resolved.

Thanks

Cliff

Cliff
McAfee Volunteer